Katie Paxton-Fear

20.8K posts

@InsiderPhD

Dr, apparently. Security Advocate @semgrep & Hacker. #BugBounty hunter & #infosec YouTuber. APIs & Interlinked OffSec, PhD in AI+Sec @hacknotcrime. she/her

Manchester, UK Joined February 2018
1.7K Following 97K Followers
Katie Paxton-Fear@InsiderPhD·
The official statement: Semgrep is aware of an unsubstantiated claim made by a ransomware actor regarding Semgrep data, and the resulting threat intelligence reports. We take all reports seriously and, while we have no reason to believe the claims or resulting reports are credible, we are nonetheless conducting a broad investigation. Semgrep’s Security and Engineering teams are continuing to investigate this report and we will be publishing updates via our Trust Portal at trust.semgrep.dev
Daniel Cuthbert@dcuthbert·
Hoping for all my friends at Semgrep that this isn’t true
Ransom-DB@Ransom_DB

🚨 Ransom group "Qilin" publishes "SEMGREP" - United States 🇺🇸
📍 Location: San Francisco, California, USA
🏢 Industry: Cybersecurity / Application Security
🔗 Website: semgrep.dev
Semgrep, Inc., founded in 2017, delivers the Semgrep AppSec Platform combining SAST, SCA, and secrets scanning. It also maintains the open-source Semgrep static analysis tool used across 30+ programming languages by developers and security teams.

Katie Paxton-Fear@InsiderPhD·
@aitization Hahaha nearly right! But not quite: my parents were never married, and when I (and my brother) was born they both wanted us to have their last names, so they double-barrelled it (one of them is Paxton, the other is Fear), so technically my parents made it up 😂
aitization 𝕏 @aitization·
@InsiderPhD Your last name is totally made up “Paxton-fear” you thought it’s cool for cybersecurity work lol 😂
Katie Paxton-Fear@InsiderPhD·
I reviewed these vulnerabilities they are legit 😎😎😎
Drew Dennison@drewdennison

Just finished an experiment using @claude Opus 4.7 xhigh on a popular open source C/C++ repo from a top tech company:
- @cramforce's excellent deepsec: does not support C/C++
- A random gist with a code security prompt: 1 critical, 3 high vulnerabilities for $18.09
- Semgrep's new Mandoline tool in "hunt" mode: 3 critical unauthenticated RCE, 15 high, 20 medium, 11 low, a persistent threat model, and a full security report: $7.13
Responsibly reported to the repo owner. Will share details on the vulnerabilities when public

Katie Paxton-Fear@InsiderPhD·
Hedgie@HedgieMarkets

🦔Microsoft canceled its internal Claude Code licenses this week after token-based billing made the cost untenable, even for a company with effectively infinite cloud resources. Uber's CTO sent an internal memo warning the company burned through its entire 2026 AI budget in just four months. American AI software prices have jumped 20% to 37%, and GitHub (owned by Microsoft) is dropping flat-rate plans for usage-based billing across its products.

My Take

The AI subsidy era is ending in real time. The same company that put $13 billion into OpenAI and built the Azure infrastructure powering most of Anthropic's compute just looked at the bill from a competitor's coding tool and decided it was not worth paying. That is not a productivity failure on Anthropic's end. Token-based pricing is forcing every enterprise customer to confront the actual cost of running these models at scale, and the number turns out to be far higher than the flat-rate experiments suggested.

This ties directly to my Gemini Flash post yesterday. Anthropic, OpenAI, and Google all raised effective prices in the last six months. Enterprises that built workflows assuming AI costs would keep falling are now watching annual budgets evaporate in months.

Two outcomes look likely from here. Either enterprises scale back AI usage to fit budgets, which slows the revenue ramp the labs need to justify their valuations ahead of IPOs, or the labs cut prices and absorb the losses, which makes the unit economics worse at exactly the wrong moment. Both paths land in the same place, the numbers stop working, and somebody has to take the writedown.

Hedgie🤗

Katie Paxton-Fear@InsiderPhD·
If you’re making layoffs now because you want to save $$$ sorry I mean reward outstanding engineers who use AI, just wait until you are properly fucked over a barrel because Claude put up their API pricing 20%
Katie Paxton-Fear@InsiderPhD·
Mark my words 1 year from now people will get laid off because they weren’t able to reduce their AI spend, and the economic conditions will force harsh cuts
TracketPacer@TracketPacer·
the field of cybersecurity is hilarious bc a hacker will be known by a name like siD3w4ys_d4rKst4r or some shit & it’s just a middle aged dude w glasses who coaches his kids’ soccer team
Katie Paxton-Fear@InsiderPhD·
@irsdl I’m sorry :( Microsoft doesn’t really run a bug bounty program they run a pls-don’t-sell-exploits-to-foreign-government program so they only really care about a small amount of bugs
Soroush Dalili@irsdl·
Reported an important .NET Framework bug to MS but it is outside of bug bounty scope. I guess .NET Framework apps won't receive much love anymore. Not sure how I feel about reporting similar issues in the future. I guess many people do keep them to themselves now.
Katie Paxton-Fear@InsiderPhD·
@CharlieEriksen @ZackKorman Agreeeeeee especially now with Shai-Hulud using C2s it’s much harder to know exactly how many downstream devs were affected when compared to the ecosystem (it looks like there’s been less community spread every attack wave? But we have no idea what that means for regular devs)
Charlie Eriksen@CharlieEriksen·
@ZackKorman I would never trust a machine that was infected personally, even if you try to clean it 🤷
Zack Korman@ZackKorman·
Might be a dumb question, but how are devs on personal machines supposed to catch this? Or do a lot of them just stay pwned and never know it?
Katie Paxton-Fear@InsiderPhD·
AI trains their models on copyrighted content and argues that it’s fair use yet I can’t get it to generate a Shai-Hulud sticker because of copyright 🤨🤨🤨🤨🤨
Katie Paxton-Fear@InsiderPhD·
Nothing grinds my gears more than a piece of software replacing a completely fine search bar with results in the ms to the world's slowest AI agent spending seconds typing out "sorry I don't know what that means" I'M LOOKING AT YOU NOTION
Katie Paxton-Fear@InsiderPhD·
npm could stop Shai-Hulud but they choose not to
Katie Paxton-Fear@InsiderPhD·
My fork is very much how I like to use the device but if you're interested then here is my firmware. I STRONGLY recommend BookFusion, great app, great devs, I pay $$$ not because I need the storage but because I just really want to support them. github.com/InsiderPhD/cro…
Katie Paxton-Fear@InsiderPhD·
Very niche post, but if you have an xteink and you use BookFusion, thanks to the new Koreader plugin for BookFusion I now have cross-platform reading between my Mac, iPad, Boox and now xteink too 😂
Katie Paxton-Fear@InsiderPhD·
It sounds kinda insane, the future AppSec engineer doesn't need to learn AppSec, but there's a whole new set of skills we need to teach the next generation of AppSec professionals, ANYWAY I'll leave that for the actual livestream... But you should check it out
Semgrep@semgrep

Should AppSec engineers still learn how to code in the age of AI? 👀 And how do leaders mentor junior engineers when AI can already write large portions of code? In this Security Rulez session, Dr. Katie Paxton-Fear (@InsiderPhd) and Lyft Tech Lead Anshuman Bhartiya share practical insights and strong opinions on how AppSec teams should adapt.
📆 May 20 | 8:00 AM PT / 4:00 PM UTC
Register now👉 semgrep.dev/events/securit…
#CyberSecurity #AppSec #AI #EngineeringLeadership

Katie Paxton-Fear@InsiderPhD·
them: to be really cracked with your AI coding you need a harness
me, who wasn't really paying attention: uhh yeah of course a harness