Santh

made an agent-security CTF goal: get a coding agent to leak a secret it can use but is not supposed to read You are allowed to work by yourself, use agents, anything. attack the mcp, do gui automation, anything thats software is based is on the table. i kn trying to test runtime approval vs just hiding .env files if anyone breaks it, i’ll add a hall of fame section on my company site with your name/handle + writeup repo: github.com/santhsecurity/…

@liquidtrading whatever you say boss

Congratulations if you can read this. Tomorrow, 9:30 AM EST. Reply if you're in. Notifications on.

@JackWoth98 can you make your cli render properly first?

@0xTib3rius i actually made a tool a while ago to automate this. its oss and would love for any feedback from pentesters. github.com/santhsecurity/…

This payload gets me past so many WAFs. Literally undetectable.

@JinjingLiang it would be nice if it could render properly

Everyone is sleeping on Google models: - Gemini 3.1 Pro is actually insanely intelligent. I genuinely think it’s better than GPT-5.5 at complex reasoning + writing. - Gemini 3.5 Flash is ridiculously good at coding UIs, and at a fraction of the GPT-5.5 / Opus 4.7 cost. The only thing Google needs to fix is their naming. Seriously, I still can't type "agy" right

What do yall think is the best agent harness rn

@garrytan tell your agent to zip it up when its done.

I asked my own OpenClaw agent to use the new GBrain code search capabilities to browse and understand what GBrain is, and this is what it said

@ZackKorman @HeidyKhlaaf dont forget peter thiel. persona is going to make sure that only people over 5/10 on the dario meter get access

@HeidyKhlaaf Don’t worry palantir is going to use ai to protect, it’s all good

The issue with these statements is that they always presume that the unsubstantiated claims by tech companies about AI capabitilies are true, lending them further legitimacy. No it is not the case that AI enhances the defense and protection of civilians, quite the opposite.

@romashka_tea @madebygoogle i actually have a tool for doing this. It's GPU-accelerated and can scan binaries, links, GitHub repos, entire computers. pretty much anything that can be scanned. would love to get some feedback! github.com/santhsecurity/…

How I feel after accidentally finding someone's Gemini API key 😇 @madebygoogle don't you guys have a way to report exposed API keys?

@mikeydsoftware @theo @grok why is this guy replying 7 times to his own post. and is the post true?

Here's the post that made @theo lose control for some reason.

@MrAhmadAwais @CommandCodeAI Building Vyre, the compiler for GPU compute. It allows you to construct ir::Program values with the IR builder, compose operations from the standard library, validate them, and dispatch them through a registered backend.

I'm close to hitting 50K on X. Should celebrate. Giving away 3 Pro subs to @CommandCodeAI STEPS 1. Follow @MrAhmadAwais 2. Follow @CommandCodeAI 3. Repost this post And reply with what you're your building with Command Code. Will pick randomly soon as I hit 50K. LFG!

@hodler0_ @iScienceLuvr Zip it up once your done

you are a literal peasant to him in terms of knowledge, IQ, resource management, wealth, risk taking ability, hard work ability and this post shows your inflated ego, putting PHD in your name - how smart. Grigori Perelman laughing in the corner seeing peasents like you achieve a basic PHD and putting it on display to public to prove you have achieved any shit and are better than others. A real enlightened and intelligent person never flashes his achievements. Remember 19 year old kid, there is always someone bigger than you and stop questioning Elon musk for god sake it only proves you are an actual pompous retard.

Damn Elon insulted me now my notifications are filled with hundreds of people insulting me lol

@ZackKorman jokes on you. You can't get scammed by an unethical vendor when you can't afford to fall for their scams.

The biggest threat AI poses to cybersecurity isn't the vulnerability apocalypse. It's that it’s now trivially cheap for security vendors to build products that look like they work but don’t. The real threat actors are the unethical vendors we met along the way.

@MrAhmadAwais @uzairakrum @vipulgupta2048 not specifically for linux perse. but honestly just not electron. tauri has worked better for me. why dont you like tauri?

@SanthProject @uzairakrum @vipulgupta2048 it's hard enough to dedicated resources to building a GUI, building specifically for Linux would be super hard. if not electron then what? many have switched back to electron from tauri and the likes.

Integrated Command Code inside t3 code via a cmd -p subprocess and cmd -r for thread continuity I m shifting towards t3code as it manages all of my subscriptions opencode , codex anything else you can think of @MrAhmadAwais would love Acp support with cmd so we can use it with guis

@MrAhmadAwais @uzairakrum @vipulgupta2048 If you do, I kindly request you don't make another electron ui. It's brutal on Linux with an NVIDIA card and you would standout :)

@uzairakrum starting our work on first class gui soon. @vipulgupta2048 did you look into ACP?

@AJs_AI @EatMyTarts17 you're slow

@EatMyTarts17 I never said I was the first or only person to build this, it’s a great idea!

OpenAI just copied my open-source project within Codex… Last week I built Backdoor. a localhost proxy that routes any model through Claude Code. I open sourced it and posted it on LinkedIn (got banned for going too viral but that's another story) 72 hours later OpenAI ships it inside Codex. then Greg Brockman tweets "the model alone is no longer the product" — my literal thesis I'm not mad. This is the best validation ever. open source link in replies if you want to use it within Claude Code🫡

@AJs_AI bro it has 7 stars openai did not copy you

Backdoor is open source. free. use whatever model you want inside Claude Code. github.com/ajsai47/backdo…

if yall want to try cursor's new composer 2.5 you can try it 50 percent off. heads up this is my referral link and i get 25$ in credit. win win :) cursor.com/referral?code=…

@thegenioo @boochi_dot_dev they dont. cursor has the most high quality coding data other than anthropic and openai

@boochi_dot_dev deepseek has it kimi also has it??

Honestly I think Moonshot fumbled big time with Kimi K2.6 Their previous model K2.5 was just so good, and it just needed that perfect polish and a few bits of upgrades to get a really strong, cheap model. And you know what? That exists! Yes, it is Composer 2.5. This is what Moonshot should have done: K2.5 should have been polished like Composer 2.5 and released as K2.6 Now don't get me wrong, K2.6 is a very powerful and strong model, but it has some issues: - It just overthinks the hell out of things and gets stuck in long, endless thinking loops - It is unbelievably slow, like really slow - It is good, but I found DeepSeek and Qwen models more efficient, workable, and faster So what Cursor has pulled off here with Composer 2.5 should have been done by Moonshot with the release of Kimi K2.6, and I hope they fix these issues with K3

ok braindead as take. cursor has far more compute than they do. as well as far more coding specific data. what moonshot built is 1000x better than what cursor built. cursor did well comparativve to other american labs. but you arent grasping the entirely differetn level the chinese labs are playing at to compete with 10000s of times less compute