Jim Manico from Manicode Security

From my experience all software developers are now security engineers wether they know it, admit to it or do it. Your code is now the security of the org you work for. #GoldenAgeOfDefense

Our security bug bounty program is now public on HackerOne. We've run the program privately within the security research community, and their findings have strengthened our products. Now anyone can report vulnerabilities and get rewarded. Read more: hackerone.com/anthropic

⚠️ Attackers poisoned Hugging Face & ClawHub (OpenClaw) with 575+ malicious skills from just 13 accounts. 🔸 Fake helpful AI tools that install trojans, miners & stealers (Windows + macOS) 🔸 Use hidden commands & indirect prompt injection Quick action: Never install random AI skills or models. Always verify the source. Read: thehackernews.com/2026/05/weekly…

#FF #Part2 @LeighGi66657535 @endingwithali @tarah @Cyb3rMaddy @swagitda @FilipiPires @ITSecurityNinja @fairycakepixie @InfoSecGreyBrd @Beren_Camlost @nigeltozer @tamzinkg @robertson_moira @R4ck4tt4ck @jessrobin96 @ChrisHanlonCA @SecEvangelism @swaroopsy @itsmeroy2012 @manicode

@cybergeekgirl @LeighGi66657535 @endingwithali @tarah @Cyb3rMaddy @swagitda @FilipiPires @ITSecurityNinja @fairycakepixie @InfoSecGreyBrd @Beren_Camlost @NigelTozer @tamzinkg @robertson_moira @jessrobin96 @ChrisHanlonCA @SecEvangelism @swaroopsy @itsmeroy2012 @manicode whoop whoop - happy Friday all 🤘

@IceSolst Monolith until it hurts 🔥

Um, no? You just need a bunch of containers. Make them auto scale, and ofc you need a control plane… oh… oh no no no

The security industry is entering a period of compression. Model cybersecurity capabilities are rapidly increasing, and it's critical we arm defenders with the tools they need to protect what matters most. We're launching two models today: GPT-5.5 with TAC (Trusted Access for Cyber) GPT-5.5-Cyber (Limited Preview) GPT-5.5 is our starting point for most defensive workflows. It's exceedingly good at cybersecurity workflows and tasks like secure code review, vulnerability triage, detection engineering, malware analysis, and patch validation. We think this model is the right starting place for most organizations. GPT-5.5-Cyber is exceptional for authorized workflows, including red teaming, penetration testing, and controlled validation. It's in research preview for specific organizations and requires enhanced verification and account-level controls. We expect to continue to accelerate defenders with various models, including both our flagship models through Trusted Access for Cyber, and with dedicated cyber models like GPT‑5.5‑Cyber and even more cyber-capable models in the future. openai.com/index/gpt-5-5-…

We’ve released Next.js versions 16.2.6 and 15.5.18 with important security fixes. These fixes address multiple vulnerabilities across high, moderate, and low severity, including one upstream React issue. We strongly recommend upgrading as soon as possible. ⬇️

@DanielMiessler x.com/cloudflaredev/…

“If AI was actually good at finding vulnerabilities we’d be seeing a lot more issues.”

Multiple security vulnerabilities affecting React Server Components and Next.js have been disclosed. We strongly recommend updating your applications immediately. Cloudflare WAF managed rules already mitigate the disclosed denial-of-service vulnerabilities, and we are investigating additional coverage for several other CVEs. developers.cloudflare.com/changelog/post…

With the help of Claude Mythos Preview, the Firefox team fixed more security bugs in April than in the past 15 months combined.

@UK_Daniel_Card I can see you’re getting better and better at using AI for assessment. Hi-5. Are you using a harness?

passwords stolen! nice job JARVIS... i mean CLAUDE :D

I'm going to go and make and drink a cup of tea, in the background claude is attacking keepass for me!

Effective today, we are: 1) Doubling Claude Code’s 5-hour rate limits for Pro, Max, and Team plans; 2) Removing the peak hours limit reduction on Claude Code for Pro and Max plans; and 3) Substantially raising our API rate limits for Opus models.

@zbraiterman @FrankSEC42 @owasp ❤️ ya

I realize I’m a day late, but… May the 4th be with you! With ❤️from ⁦@manicode⁩, ⁦@FrankSEC42⁩ and me (and the global @owasp community). 🙏

@liran_tal In general, I think local models are the future so I’m just spending a lot of time experimenting to see what their capability is, and what I see so far is impressive. Once I’m up to the 128 GB of RAM level I’m certain that I can do most of my coding locally.

@manicode No doubt some small models can run on that, question is how well are they doing the work... You mention Mistral small - what sort of work do you do with this and how good is it?

Hey @liran_tal

@liran_tal Research type work. :)

@liran_tal I have 32gb on ram on my m5 laptop and run several models for coding locally with no trouble. Just the smaller ones. I have a Mac mini with 24g ram running minstrel small for other work. But yea, I’m maxing out ram for all future purchases.

@manicode That's for sure interesting. What's the local model you'll be using? still need a chunky RAM setup to run anything decent, no? As in, nothing really out of the box for laptops

@liran_tal I have a machine with 256gb of ram on order. Local AI is very ram hungry indeed. :)

@liran_tal And the real point I’m making is that using local models with Claude Code is no longer sketchy. It’s now official.

@manicode Nice but sadly Ollama isn't a very efficient implementation for local inference

Compared to llama.cpp? That’s not a clean comparison. Ollama uses llama.cpp as one of its inference backends, so performance is similar when configured the same. The difference is that Ollama adds a management and API layer, which can introduce some overhead and reduce low-level control (batching, KV cache tuning, GPU offload, etc). In exchange, you get significantly better usability: model packaging, versioning, and a clean local API. Claude Code and local models (officially) here I come! 🕺