Keval

384 posts

Keval

@KevalJagani1

CoFounder - @trynoscope by @tryhackme - Building AI Agents for Cybersecurity

🇨🇦 Katılım Mart 2017

1.4K Takip Edilen550 Takipçiler

Sabitlenmiş Tweet

Keval@KevalJagani1·5 Eki

Atomic Habits by @JamesClear should be part of the syllabus at school.

English

373

Keval@KevalJagani1·3d

Last week we hosted webinar on, "AI is Accelerating Attacks: How to Evolve Your Pentest Methodology" with 1,400 people signed up. Thank you to everyone who joined! If you missed it (or want to rewatch), the full recording is up now: noscope.com/webinars/pente… We covered how attackers are using AI to move faster than traditional security teams can respond, and why you should be evolving your pentest methodology in 2026.

English

1.6K

Keval@KevalJagani1·4d

@FarzaTV I think a whole new category of products will be created around a general interface. This is really cool and has an extremely broad use case. @FarzaTV how can I invest in clicky😅

English

213

Farza 🇵🇰🇺🇸@FarzaTV·4d

We built an AI that can draw on your screen. It's a true personal tutor. Using Claude Opus we're able to draw polygons, point with pixel perfect accuracy, and walk users through complex steps directly on their screen. Here's me learning Pythagorean Theorem + FL Studio. Demo:

English

386

305

543.2K

Keval@KevalJagani1·4d

@Kalshi It's funny how every Kalshi post starts with "JUST IN" or "BREAKING" 😂

English

186

Kalshi@Kalshi·4d

JUST IN: Jim Cramer says SpaceX has become a "meme stock"

English

144

739

89.3K

Keval@KevalJagani1·12 Haz

@S1r1u5_ This is so true. They have raised $270M in total, and are valued at $1B Not throwing dirt at anyone, but I would expect significantly better research and results from a company at this scale. There are too many better alternatives.

English

224

s1r1us (mohan)@S1r1u5_·11 Haz

it’s kinda surprising how quickly xbow became a corporate slug. their blogs rarely have anything novel, their twitter reads like generated marketing slop, and for the amount of capital they’ve raised, i would’ve expected way more ambitious research, experiments, and weird ideas.

English

138

9.6K

Keval@KevalJagani1·4 Haz

@4nanei 🤖

QME

Nanei@4nanei·4 Haz

@KevalJagani1 harnesses converging just means the moat moves down a layer. once the scaffolding is identical for everyone, the edge is whatever you point it at: the eval set, the live environment, the exploit data nobody else has logged. that's the layer noscope is quietly compounding.

English

Keval@KevalJagani1·4 Haz

AI models are getting so good that harnesses are converging. It won't be long before the harness itself is no longer a moat.

English

Keval@KevalJagani1·4 Haz

I am always surprised by what our agent finds every time it's fired at something. This time, it found an RCE in Alf (a ticketing platform). Full technical breakdown of how it found it is linked below.

NoScope@trynoscope

NoScope found CVE-2026-35482 an RCE in Alf, a self-hosted ticketing platform used for conferences, trade shows, and festivals worldwide Full technical breakdown in comments 🧵

English

Keval@KevalJagani1·3 Haz

@pk_iv Evals

English

Paul Klein IV@pk_iv·3 Haz

every agent platform needs to offer: 1. sandbox 2. model router 3. observability 4. ??? what am i missing?

English

188

50.1K

Orca Security@orcasec·27 May

🚨 Critical vulnerability alert: CVE-2026-27771 Your private container images might not be so private. CVE-2026-27771 lets anyone pull private Gitea images with zero credentials. Source code, API keys, database passwords... all exposed. How to fix: orca.security/resources/blog…

English

829

Keval@KevalJagani1·27 May

We're the team behind this. The vulnerability was discovered by our AI pentesting agent. Happy to answer any questions here. We've intentionally held back the deeper technical details for now to prevent abuse and give teams time to patch.Full technical writeup coming soon. More about the vulnerability: noscope.com/blog/gitea-ins…

English

288

Keval@KevalJagani1·27 May

We're the team behind this. The vulnerability was discovered by our AI pentesting agent. Happy to answer any questions here. We've intentionally held back the deeper technical details for now to prevent abuse and give teams time to patch. Full technical writeup coming soon. More about the vulnerability: noscope.com/blog/gitea-ins…

English

455

Keval retweetledi

The Hacker News@TheHackersNews·27 May

🚨 Gitea flaw exposes private container images without authentication. thehackernews.com/2026/05/gitea-… CVE-2026-27771 affects all Gitea versions before 1.26.2 and likely impacts 30,000+ deployments worldwide. Attackers can pull private images without an account or password. Update now or enable REQUIRE_SIGNIN_VIEW as a temporary workaround.

English

157

42.3K

Keval@KevalJagani1·27 May

@pashov Yes, it does. In fact, a few weeks ago we found a price manipulation bug in a popular exchange. More details coming soon, awaiting disclosure.

English

pashov@pashov·27 May

@KevalJagani1 Does it find smart contract vulnerabilities

English

242

pashov@pashov·27 May

A good AI agent can find more vulnerabilities than what many well-known security companies do with a full team. I am talking about VALID, severe findings - not Infos/Lows. It's reality today. My team has a duty to deliver the best security, so we are building a lot with AI🫡

English

122

5.8K

Keval@KevalJagani1·27 May

Every other day, some founder is flexing $2M ARR in 30 days with no employees. But initial hype and FOMO aren't PMF. They're noise. If a company can hold that revenue consistently for 18 months, that's worth talking about.

English

Keval@KevalJagani1·26 May

The kind of finding that makes you realize how much can go undetected for years.

NoScope@trynoscope

For 4 years, any person on the internet could pull private container images from 30,000+ Gitea deployments. No account. No password. No credentials of any kind. NoScope discovered it. CVE-2026-27771. Here's the full story. 🧵

English

Keval retweetledi

GitHub@github·20 May

We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.

English

1.7K

5.3K

25.4K

13.8M

Keval@KevalJagani1·20 May

@_jensec @rez0__ @TakSec I wrote a piece a while ago. Feel free to check it out @kevaljagani1/multi-layered-approach-for-context-summarization-in-long-running-ai-agents-2a7826fc3a5f" target="_blank" rel="nofollow noopener">medium.com/@kevaljagani1/…

English

Jenish Sojitra@_jensec·15 May

@rez0__ @TakSec I am facing issues with context rotations any idea? Context window is so small and every time it hits context it restarts

English

2.7K

Joseph Thacker@rez0__·15 May

Here’s the sauce: - agent md file with lots of disclaimers about how it’s approved testing - a bunch of hacking skills - /goal find a crit on target . com That’s literally 90% of the way there and enough to blow anyone’s mind who hasn’t been convinced yet.

Joseph Thacker@rez0__

okay im calling it officially. codex is cracked. if you're a bb hunter and you dont have a hackbot set up yet, i recommend codex with gpt5.5 over claude code.

English

337

34.9K

Keval retweetledi

Greg Brockman@gdb·17 May

tokens are rapidly becoming the universal input for solving problems

English

322

165

2.6K

156.3K

Keval retweetledi

NoScope@trynoscope·13 May

We found a critical vulnerability affecting 30,000+ production deployments worldwide. Not in a lab. Not in a CTF. In live infrastructure running at aerospace companies, healthcare providers, logistics companies, ISPs, and retail chains. It touches every industry. Directly or indirectly. Responsible disclosure is underway. More soon.

English

Keşfet

@FarzaTV @Kalshi @S1r1u5_ @4nanei @pk_iv @pashov @elonmusk @BarackObama