Arthur Gervais

AI for Security has never been more exciting. Let me present MAPTA, our multi-agent framework that found multiple (now confirmed!) Remote Code Executions (RCE's) in flagship web products of Tier-1 companies. Why the secrecy? We're good boys, letting them cook patched through responsible disclosure. What's our secret sauce? 1/n

tl;dr: alignment ≠ vibes alignment = runtime firewall for actions the agents can think whatever they want. they just can't touch prod 😌 with @Zaddyzaddy @MarcoGuarnier1 arxiv.org/abs/2605.00081

we call it *alignment contracts*: define what is allowed, not what it should want and then attempt to mathematically prove: even a fully malicious / prompt-injected model... still can't break scope (if you mediate effects)

"please don't hack beyond target X" agent: hacks out-of-scope things anyways our paper: -> stop aligning intent -> enforce effects -> slap the agent if it tries something illegal

so how many consecutive CVEs have you managed to mine?

openai is so precise, while claude writes much better text. i prefer precision over poetry

@Teslab_ct still delivering a CT for CH?

From Teslab to werk.lab We’re expanding what we do – staying independent, and evolving our name with it. Same core. Bigger vision. More insights coming soon. Excited for what’s next.

@BugBunny_ai what's your \goal

i hope my dad is still proud of the bunny 🥹 current Q2'26 stats

single most important feature in a while

@fcoury @sughanthans1 🥹

@sughanthans1 Not yet!

/goal also lands in Codex CLI 0.128.0. Our take on the Ralph loop: keep a goal alive across turns. Don't stop until it's achieved. Built by my co-worker and OpenAI mentor Eric Traut, aka the Pyright guy. One of the GOATs I get to work with daily.

good start, but using agentic security systems (ASS) on high risk assets is important to secure them i am also missing a discussion on creating **alignment contracts** thay would keep the ASS in check

can confirm, the harness matters but some things in the harness matter more than others e.g. the agent architecture matters less. the agent tools/context/knowledge database matters more

📣📢 Calling all Android and Chrome bug hunters 🧑‍💻🔎! We're updating our Android & Chrome VRP programs to ensure we can continue to reward the most challenging and impactful vulnerabilities researchers find in our products. For details, 👇 bughunters.google.com/blog/evolving-…

you don't need mythos

It’s time to demystify Mythos. Mythos is not magic. It’s not a doomsday device. It’s the first of many models that can automate cyber tasks (just like coding). OpenAI’s GPT-5.5-cyber can now do the same. And all the frontier models (including those from China) will be there within approximately 6 months. It’s important to recognize that these models do not create vulnerabilities; they discover them. The bugs are already in the code. Using AI to discover and patch them will actually harden these systems. The leap from pre-AI cyber to post-AI cyber means that there will be a big upgrade cycle. After that, however, the market is likely to reach a new equilibrium between AI-powered cyber-offense and AI-powered cyber-defense. Obviously it’s important that cyber defenders get access before cyber attackers. That process is already underway but needs to happen quickly (see point above about Chinese models). Unlike Mythos, GPT-5.5-cyber appears not to be token constrained so it may be the first cyber model that defenders actually get to use.

@denisyurchak great post, laptops should definitely be allowed in any cafe, acc!

Sitting at a cafe in Warsaw, 90% of people are working with their laptops Same cafe in Western Europe – most would be reading books, newspapers, or chatting, almost 0 people working The staff would kick you out the moment you take your laptop out of your bag, because "cafes are for social life, not work" In Warsaw and Krakow, there are a ton of specialty coffee places that allow laptops. The internet is usually good, and nobody is going to harass you if you work or do calls The price of a coffee cup is around 16-18 zl (4 euros). You can take 1 or 2 and sit in the cafe for hours. This is a small detail, but very telling about the vibe in Poland vs Western Europe In Poland, people will respect you for building cool shit or trying to start a business. The people are hungry, and there is a hustler mentality In Western Europe, people are content with what they have (a house from grandparents they can rent out and live off it) or rely on the state This gives rise to a society of eternal students of political science and bureaucrats. If anybody wants to build a business, they leave and go to the US Meanwhile, Poland is taking over Spain in GDP per capita, and soon will take over the UK as well

@a16zcrypto there're already peer-reviewed works benchmarking the same, e.g. our 2025 work "AI agent smart contract exploit generation" arxiv.org/abs/2507.05558

@0x3b33 bounty offers are increasing lately

382k USDC hacked from YieldCore They have offered a 50% bug bounty in return for the other 50%. Very generous

@garrytan @ehsayaan @ycombinator it would be dope if you'd collect vulnerability reports for all yc companies. can help you auto-triage

@ehsayaan @ycombinator DMed

Hey @garrytan @ycombinator how can i report serious security vulnerabilities in YCombinator? Do you guys have a bug bounty program?

@Mugilan_SS @OpenAI nice, living on the edge

Codex is not like claude code. if you know the limit is going to end, like last 10 to 8%, give an very long run task, and even after the limit got ever, it will continue to do the task until the task was completed. Shout out to @OpenAI team.

@IvankovicBoris leider ist der Tesla auch der lauteste (Reifen + Windgeräusche)

Interessanter carwow-Test: Premium-E-SUVs im direkten Duell. Tesla Model Y Long Range AWD: • Stärkste Beschleunigung (507 PS) • Beste Effizienz → realweltstärkste Reichweite pro Batteriegröße • Mehr Stauraum (Frunk + Kofferraum) • Ca. 8.000 € günstiger als die Konkurrenz Fazit der Tester: Tesla ist der klare Sieger als Allrounder & Preis-Leistungs-Sieger. Die Deutschen punkten bei Design & Fahrdynamik, kommen aber insgesamt nicht vorbei. Warum Tesla so gut abschneidet? Effizienz, Packaging & skalierbare Produktion. youtu.be/wyGUe2om-J0?is…