Jamie Clark

25.5K posts

Jamie Clark banner
Jamie Clark

Jamie Clark

@JamieXML

Personal views. General counsel & CPO @OASISopen. Open source, open standards, cybersec, privacy, DLT. Ex-Wall St., ex-Minnesota. More often Mastodon or BSky

infosec.exchange/@jamiexml Katılım Temmuz 2009
2K Takip Edilen2.5K Takipçiler
Jamie Clark
Jamie Clark@JamieXML·
Find something more worthy to do with that opportunity than just enriching your own sorry self. "America was not built on fear. America was built on courage, on imagination, and an unbeatable determination to do the job at hand." — Harry S. Truman #July4th 🎇🎆
English
0
0
0
37
Jamie Clark
Jamie Clark@JamieXML·
America is still great. In an era of isolation, social fragmentation & economic disruption, its people & industries will still provide innovation and leadership. #Decentralization isn't scary. It's above a wrestling match among a handful of despots. It's an opportunity. #July4th
English
1
0
0
43
Jamie Clark
Jamie Clark@JamieXML·
Considering how technology has changed the world, don't just wonder who will lead the next one: the right answer is that we're now in the #DecentralizedCentury. The next savior is all of us. #July4th 🌎🌍🌏🇺🇸
English
0
0
0
19
Jamie Clark
Jamie Clark@JamieXML·
On this #July4th, we're very both very proud and very privileged to have grown up and made our careers during the American Century. bit.ly/amer-century Equally interested to see what comes next. 🎆🎇
English
1
0
1
38
Jamie Clark
Jamie Clark@JamieXML·
Considering how technology has changed the world, don't just wonder who will lead the next one: the right answer is that we're now in the #DecentralizedCentury. The next savior is all of us. #July4th 🌎🌍🌏🇺🇸
English
0
0
0
12
Jamie Clark
Jamie Clark@JamieXML·
By coincidence, I was in Dublin for EU e-government meetings during a prior Irish EU Presidency (soon: @Ireland2026eu), and lucked into the 100th Bloomsday, an explosion of fancy hats, straw boaters, fluffy period dresses, and historical partying at Joyce-related sites.
English
1
0
0
47
Jamie Clark retweetledi
Khusboo Tayal
Khusboo Tayal@KhusbooT14835·
The engineer who built Claude Code just dropped a 28-minute video on how to write prompts that actually work I've seen $300 courses that don't cover what he shows in the first 10 minutes CLAUDE.md files, memory shortcuts, parallel sessions, prompting patterns all in one video and completely free works whether you're a developer, a beginner, or someone who's been using Claude for months.
English
24
83
300
41K
Jamie Clark
Jamie Clark@JamieXML·
Among other things we spent some time in "Hell," a #Liberties 🇮🇪 Four Corners location. Named… maybe… as it was the original locale of the Four Courts including the Republic's Supreme Court (en.wikipedia.org/wiki/Four_Cour…) before they moved north of the Liffey.
English
0
0
2
106
Jamie Clark
Jamie Clark@JamieXML·
This time, we spent a bit more time up in Dublin in the #Liberties (en.wikipedia.org/wiki/The_Liber…), guided round by literary fam, to see some venerable, artsy and edgy sights new to us. Sort of a local Bohemian Quarter nowadays.
English
1
0
1
132
Jamie Clark
Jamie Clark@JamieXML·
Returning to the US over the weekend. Last couple of EU days are in Ireland. Always happy to be here and see family; another great wedding, this time. We're more often likely to travel for family than random sightseeing.
English
1
0
2
92
Jamie Clark
Jamie Clark@JamieXML·
Clearly some of these selfie experiments work out better than others. Thanks, Holly and Kelly... @OASISopen #CoSAI
Jamie Clark tweet media
English
0
0
1
49
Jamie Clark
Jamie Clark@JamieXML·
Software supply chains. Still some choke points there. #CRA #SBOM #VEX #CSAF Come say hi to @OASISopen at #RSAc2026 this week! #OASISatRSAc #COSAI #cybersec
Aakash Gupta@aakashgupta

Someone just poisoned the Python package that manages AI API keys for NASA, Netflix, Stripe, and NVIDIA.. 97 million downloads a month.. and a simple pip install was enough to steal everything on your machine. The attacker picked the one package whose entire job is holding every AI credential in the organization in one place. OpenAI keys, Anthropic keys, Google keys, Amazon keys… all routed through one proxy. All compromised at once. The poisoned version was published straight to PyPI.. no code on GitHub.. no release tag.. no review. Just a file that Python runs automatically on startup. You didn’t need to import it. You didn’t need to call it. The malware fired the second the package existed on your machine. The attacker vibe coded it… the malware was so sloppy it crashed computers.. used so much RAM a developer noticed their machine dying and investigated. They found LiteLLM had been pulled in through a Cursor MCP plugin they didn’t even know they had. That crash is the only reason thousands of companies aren’t fully exfiltrated right now. If the code had been cleaner nobody notices for weeks. Maybe months. The attack chain is the part that gets worse every sentence. TeamPCP compromised Trivy first. A security scanning tool. On March 19. LiteLLM used Trivy in its own CI pipeline… so the credentials stolen from the SECURITY product were used to hijack the AI product that holds all your other credentials. Then they hit GitHub Actions. Then Docker Hub. Then npm. Then Open VSX. Five package ecosystems in two weeks. Each breach giving them the credentials to unlock the next one. The payload was three stages.. harvest every SSH key, cloud token, Kubernetes secret, crypto wallet, and .env file on the machine.. deploy privileged containers across every node in the cluster.. install a persistent backdoor waiting for new instructions. TeamPCP posted on Telegram after: “Many of your favourite security tools and open-source projects will be targeted in the months to come.. stay tuned.” Every AI agent, copilot, and internal tool your company shipped this year runs on hundreds of packages exactly like this one… nobody chose to install LiteLLM on that developer’s machine. It came in as a dependency of a dependency of a plugin. One compromised maintainer account turned the entire trust chain into a credential harvesting operation across thousands of production environments in hours. The companies deploying AI the fastest right now have the least visibility into what’s underneath it.

English
0
0
0
206