Amar Sonik

Excited to share - that my talk 'AI Bit the Hand That Created It' has been officially accepted for @HouSecCon 2025. Thanks to the review panel and organizers for this opportunity. Hope to catch up with ya'll folks there! #CyberSecurity #AI #ConferenceSpeaker #HOUSEC2025 #Infosec

@theXSSrat @owasp Well done Wesley!!! I knew you had it in you!

I am now officially an @owasp Salem speaker :-) Thank you for having me on your roster, it was a genuine honour and I hope you will have me again!

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

Burp AI Agent v0.3.0 is out. Token optimization for passive scanning, active scan queue panel, backend health diagnostics, prompt-result caching, settings migration, nightly CI, BountyPrompt by @BountySecurity and a lot of new tests. github.com/six2dez/burp-a…

@I_Am_Jakoby Dude!!!!!! You’re on another level !! Crazy!!

When doing it with 1 person is not enough 💪 lol no one watch till the end I tried to do a pushup ha

I AM MACHINE DOCUMENTARY SCREENING IN GRAPEVINE TEXAS - Registration Link: eventbrite.com/e/lone-star-cy…

@I_Am_Jakoby Keep it 😊👍🏽

@K1N0SA Thanks! I made is myself 😌

I finally landed the sequence! Calisthenics meetup today was soooo good I actually recorded today and edited a little video 2 new skills ☺️

Proud to announce “I AM MACHINE” was just selected for its 3rd film festival - The Los Angeles Movie & Music Video Awards 2025! LETS GO @hacker_213 @Br4inFr33z3 #CyberSecurity #transhuman #hacker #documentary #film

@I_Am_Jakoby Killer graphics dude !!

New video and giveaway is LIVE 🥳 $350 in hak5 giftcards I'm giving away youtube.com/watch?v=g-tJAH… Just looking at this image could infect your PC! (I'm so serious) This one’s a mix of education and nightmare fuel. Shoutout to Covenant Cyber for sponsoring this month's giveaway 🥰 covenantcyber.com.au

@BarCodeSecurity Love the wording 😊

The Sonik Shot captures Amar’s spirit: cool on the surface, powerful underneath, and built on layers of curiosity, community, and controlled chaos!

@BarCodeSecurity Thank you for having me on Chris!

NEW EPISODE ALERT featuring Amar Sonik, Infosec Speaker & Circuit Evangelist | “K1NOSA” 🎧 SPOTIFY: open.spotify.com/episode/45T9gL… ▶️ YOUTUBE (LIKE & SUBSCRIBE): youtu.be/qr4GBZkSI1A

CVE-2025-59287 is being actively exploited. Update Windows Server Update Services now to reduce risk of a threat actor achieving remote code execution with system privileges. See our Alert for details ➡️ go.dhs.gov/in5 #Cybersecurity

@PhillipWylie @dopesecurity @HouSecCon @m1a1vet @FulcrumFoundry @K1N0SA

Axera AX8850 M.2 AI and LLM accelerator. cnx-software.com/2025/10/03/m5s… @M5Stack LLM-8850 is a $99 M.2 Key-M 2242 AI accelerator card that works on Raspberry Pi 5, Rockchip RK3588 SBCs, and Linux mini PCs with a spare M.2 PCIe socket. Note that it does not work on Windows machines at this time. The company provides plenty of demos for vision, LLM, generative AI, Multimodal, and audio models.

@I_Am_Jakoby May the force be with you my friend!

Going to be dropping the first video on my new YouTube channel 10 days from now on my birthday 🎂 This video is an entire year in the making 🤯 @i_am_jakoby" target="_blank" rel="nofollow noopener">Youtube.com/@i_am_jakoby

NIST is teaming up with CoSAI to lock down AI Basically, they’re lining up standards plus real tools to keep AI from going off the rails (think prompt hacks, supply chain mess, poisoned models). Cool to see security + AI folks finally on the same page. cybrsecmedia.com/nist-ai-contro…

⚠️ Warning — One hidden email could trick ChatGPT’s Deep Research into stealing your Gmail inbox. Dubbed “ShadowLeak,” this stealth attack hides commands in invisible HTML, making the AI grab and exfiltrate your data—without a single click. Details → thehackernews.com/2025/09/shadow…

@Sec_Sammy @I_Am_Jakoby

@I_Am_Jakoby Def add the “open for work” thing on your LinkedIn profile pic.

You guys I need your help! I finally used my LinkedIn and shared my website before I went to bed last night I had 2 likes when I fell asleep and I woke up to this! 1500 new followers, 500 connections, 100k impressions, 1.2k interactions 🤯 I feel like I need to capitalize on this and use my next post to: 1. Find a job 2. Maybe get some sponsors for the website So i am open to any and all suggestions. What should my next post look like? And also a huge shoutout to @HarmVeenstra . This post started blowing up shortly after he shared it with him community and I am so very grateful