JM (@SourceFrenchy)

20.9K posts

Dad, husband & Security dinosaur. Former @MatroxVideo, @Ubisoft, @Canary, @PdtPartners. 🫶Sec. Mgnt., IR, OffSec, Sec Eng. & National Security

Earth · Joined February 2010
1.3K Following · 764 Followers
JM retweeted
Adriksh (@Adriksh):
Remember the first rule of memory safety in C is to have fun
JM (@SourceFrenchy):
@hamptonism I would stick to the 6.
JM retweeted
Sky News (@SkyNews):
Apple is urging users to update their iPhones after the discovery of new spyware that can take over phones running older versions of the iOS operating system 🔗 Read more trib.al/VU3qtnH
JM retweeted
Andrew Oliveau (@AndrewOliveau):
🔥🤖Excited to share a new blog I co-authored with @h4wkst3r and @kulinacs - Automating the Operator: Integrating LLMs into Offensive Security armadin.com/blog-posts/aut… We show how LLMs make offensive work more operationally useful, introduce 2 new MCP servers, and an NTLM relaying Gemini extension POC
JM (@SourceFrenchy):
@ippsec @Kostastsale Isn’t “optimal” becoming a question of tuned prompt and Claude.md skill definitions anyways?
ippsec (@ippsec):
It really depends on the definition of “good code”. If functional is all you want then I think LLMs are amazing. However if you are going for optimal, I don't think it is there today. Take a look at claude, I don't think anyone would say a react app in the terminal is optimal. But efficiency may not matter if you still can build fast and be somewhat stable. In terms of security it’s hard to say, comes down to responsibility of reviewing what AI writes. That said it is getting amazing at finding logic bugs and stupid design decisions so it may not matter in the long run. We live in the crazy time of ignoring our problems now as it’s likely the innovation will solve them anyway. So if the definition is functional? Yes LLMs are great but if you are after optimal/efficient, then I'm really curious what the old school programmers that were forced to do tasks like keep 1500 archers synchronized across a 28.8k connection think (zoo.cs.yale.edu/classes/cs538/…)
Kostas (@Kostastsale):
I love when people say “LLMs don’t write good code”. Do you think you write better, more maintainable, bug-free code than your AI? Even though I still write a lot of the code, I can promise you I could never consistently write code as clean as what my AI can produce… but I can review the hell out of it a lot faster 😂
JM retweeted
OtterSec (@osec_io):
We achieved a guest-to-host escape by exploiting a QEMU 0-day where the bytes written out of bounds were uncontrolled. Full breakdown of the technique, glibc allocator behavior, and our heap spray/RIP-control primitive ↓
JM retweeted
Noah Smith 🐇🇺🇸🇺🇦🇹🇼:
This is cyberpunk AF. Bad actors appear to be using AI to create malicious software that human coders can't see, but which other AIs then use to code, producing damaging effects that no human can catch...
Quoted post from Hedgie (@HedgieMarkets):

🦔 Researchers at Aikido Security found 151 malicious packages uploaded to GitHub between March 3 and March 9. The packages use Unicode characters that are invisible to humans but execute as code when run. Manual code reviews and static analysis tools see only whitespace or blank lines. The surrounding code looks legitimate, with realistic documentation tweaks, version bumps, and bug fixes. Researchers suspect the attackers are using LLMs to generate convincing packages at scale. Similar packages have been found on NPM and the VS Code marketplace.

My Take

Supply chain attacks on code repositories aren't new, but this technique is nasty. The malicious payload is encoded in Unicode characters that don't render in any editor, terminal, or review interface. You can stare at the code all day and see nothing. A small decoder extracts the hidden bytes at runtime and passes them to eval(). Unless you're specifically looking for invisible Unicode ranges, you won't catch it.

The researchers think AI is writing these packages because 151 bespoke code changes across different projects in a week isn't something a human team could do manually. If that's right, we're watching AI-generated attacks hit AI-assisted development workflows. The vibe coders pulling packages without reading them are the target, and there are a lot of them.

The best defense is still carefully inspecting dependencies before adding them, but that's exactly the step people skip when they're moving fast. I don't really know how any of this gets better. The attackers are scaling faster than the defenses.

Hedgie🤗 arstechnica.com/security/2026/…
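A defender-side check for the technique Hedgie describes, added here as an example and not taken from the Aikido research or the linked article: it walks a source file and reports every code point that renders as nothing (format characters, Hangul fillers, variation selectors), and separately flags long runs of them, which is the footprint of a payload carried in a string literal rather than a stray character. The JavaScript sample and the lists of invisible code points are constructed assumptions.

```python
import unicodedata
# Invisible code points outside general category Cf: Hangul fillers and the Braille blank (constructed list).
EXTRA_INVISIBLE = {0x115F, 0x1160, 0x3164, 0xFFA0, 0x2800}
ALLOWED_CONTROL = {0x09, 0x0A, 0x0D}  # tab, LF, CR are normal; other Cc code points are not

def is_invisible(cp: int) -> bool:
    """True if code point cp renders as nothing in a typical editor or diff view."""
    if cp in ALLOWED_CONTROL:
        return False
    if cp in EXTRA_INVISIBLE or unicodedata.category(chr(cp)) in ("Cf", "Cc", "Co"):
        return True  # format, control and private-use characters
    # Variation selectors are category Mn, so their ranges are checked explicitly.
    return 0xFE00 <= cp <= 0xFE0F or 0xE0100 <= cp <= 0xE01EF

def scan_source(text: str):
    """Return (line_no, col, 'U+XXXX', name) for every invisible code point in text."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if line_no == 1 and col == 1 and ch == "\ufeff":
                continue  # a leading byte-order mark is legitimate
            if is_invisible(ord(ch)):
                hits.append((line_no, col, f"U+{ord(ch):04X}", unicodedata.name(ch, "<unnamed>")))
    return hits

def hidden_runs(text: str, min_len: int = 8):
    """Return (line_no, length) for each run of >= min_len consecutive invisibles on one line."""
    runs = []
    for line_no, line in enumerate(text.splitlines(), 1):
        run = 0
        for ch in line + " ":  # the trailing space flushes a run that ends the line
            if is_invisible(ord(ch)):
                run += 1
                continue
            if run >= min_len:
                runs.append((line_no, run))
            run = 0
    return runs

# Constructed sample: an innocuous-looking module whose 'cfg' literal is 16 variation selectors.
SAMPLE_JS = (
    "function add(a, b) {\n  return a + b;\n}\n"
    "const cfg = '" + "".join(chr(0xE0100 + i) for i in range(16)) + "';\n"
    "module.exports = { add };\n"
)

if __name__ == "__main__":
    print(*scan_source(SAMPLE_JS), sep="\n")
    print("suspicious runs:", hidden_runs(SAMPLE_JS))
```

Run it over a dependency's files before installing; a single hit is worth a look, a run of eight or more is the pattern the post describes.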
JM retweeted
Reads with Ravi (@readswithravi):
Marcus Aurelius wrote this over 1800 years ago: “When you arise in the morning think of what a privilege it is to be alive, to think, to enjoy, to love.”
JM retweeted
Athenaeum Book Club (@athenaeumbc):
A powerful scene in the Odyssey happens when Odysseus finally returns to Ithaca after twenty years of war and wandering. You would expect the story to end with celebration, with the hero coming home, the family reunited, and order restored. Homer does something far stranger. Odysseus arrives disguised as a beggar, because Athena warns him that the palace has been taken over by more than a hundred suitors who have been living there for years, eating his food, drinking his wine, and pressuring his wife Penelope to marry one of them. They believe Odysseus is dead and in their minds the kingdom is already theirs. So the king of Ithaca walks through his own halls dressed in rags while the men stealing his house sit comfortably at his tables. They mock him, throw scraps at him, and one of them even strikes him, and Odysseus takes it. That is the remarkable part, because the same man who blinded the Cyclops and survived twenty years of disasters now stands quietly while strangers insult him in his own home. Homer tells us his heart burns inside his chest and that he wants to attack them immediately, yet he restrains himself and waits. Instead of striking, Odysseus studies the room carefully. He counts the men, watches their habits, and quietly observes which servants remain loyal and which have betrayed him. The hero of the Odyssey does something most people cannot do, which is delay revenge until the moment is right. Eventually Penelope announces a contest and brings out Odysseus’ great bow, declaring that she will marry the man who can string it and shoot an arrow through twelve axe heads lined up in a row. One by one the suitors try and fail, because none of them can even bend the bow. Then the beggar asks for a turn. The suitors laugh at first, but the bow is eventually handed to him. Odysseus takes it in his hands and strings it effortlessly. Homer says the sound of the bowstring tightening rings through the hall like the note of a swallow. 
Then he places an arrow on the string and sends it cleanly through all twelve axe heads. In that moment the beggar disappears. Odysseus turns the bow toward the suitors and reveals who he is. What follows is one of the most brutal scenes in Greek literature. The doors are sealed and the suitors realize too late that they are trapped inside the hall. Odysseus, his son Telemachus, and two loyal servants begin killing them one by one. There is no escape, no mercy, and no negotiation. The men who spent years consuming another man’s house die inside it. It is a violent ending, but Homer wants you to understand something important. The real danger to Odysseus was never just the monsters and storms on the long journey home. It was the possibility that someone else might take his place while he was gone. When Odysseus finally returns, he reminds everyone in Ithaca of a simple truth: a man’s home is not truly his unless he is willing to fight for it.
JM retweeted
Arvind Jain (@jainarvind):
Today we're releasing the AWARE framework—a guide for governing AI agents in the enterprise, developed by our Work AI Institute with security leaders at @Glean, @PaloAltoNtwks, and @databricks.

Why now? We noticed something in hundreds of conversations with CIOs and CISOs: everyone is trying to secure AI agents using tools and frameworks that were never designed for autonomous systems. Enterprise security was built for human users, structured systems, and predictable data flows. Agents break all three assumptions. They retrieve, decide, and act across tools—often without a human in the loop. And the current playbook doesn't account for that. Most companies are governing agents the same way they govern SaaS apps, and it's not working.

The numbers bear this out. Only 17% of organizations have automated controls for AI data flows. AI-specific breaches take 290 days to contain—40% longer than traditional breaches.

The fundamental question has changed. It's no longer "does this person have permission?" It's "is this behavior appropriate, right now, in this context?"

We developed the AWARE framework to start codifying how enterprises should think about this:
𝗔ctor Intent: Who or what is acting, and why?
𝗪ork Context: Is this data sensitive right now, in this context?
𝗔utonomous Guardrails: Is the agent staying within its declared scope?
𝗥eal-Time Risk Scoring: How risky is this behavior at this moment?
𝗘cosystem Observability: Can we trace what it did across every system it touched?

Nobody has this entirely figured out, but we need a framework for moving forward. The organizations that treat agent governance as a design principle (not a bolt-on) will be the ones that scale AI with confidence.

See everything we announced at Glean's Security Showcase today at 10am PT: glean-it.com/4s4Xidf
Read the full framework here: glean-it.com/3Nawklv
JM retweeted
Suryansh Tiwari (@Suryanshti777):
🚨Breaking: The guy who created Claude Code (@bcherny) just revealed how his team actually trains their AI. One file: CLAUDE.md

You place it at the root of your project. Inside it: past mistakes, conventions, rules. Claude reads it every session. The result? The agent improves over time without you touching the code. Every bug that gets fixed becomes a permanent rule. Boris Cherny uses this internally at Anthropic every day.

Here’s the template he shared — ready to copy, paste, and adapt.

CLAUDE.md Template

1. Plan Mode Default
Enter plan mode for any non-trivial task (3+ steps or architectural decisions)
If something goes wrong, STOP and re-plan immediately — don’t keep pushing
Use plan mode for verification steps, not just building
Write detailed specs upfront to reduce ambiguity

2. Subagent Strategy
Use subagents frequently to keep the main context window clean
Offload research, exploration, and parallel analysis to subagents
For complex problems, throw more compute via subagents
Assign one task per subagent for focused execution

3. Self-Improvement Loop
After any correction from the user, update tasks/lessons.md with the pattern
Write rules for yourself to prevent repeating the same mistake
Ruthlessly iterate on these lessons until the mistake rate drops
Review lessons at the start of each session

4. Verification Before Done
Never mark a task complete without proving it works
Diff behavior between main and your changes when relevant
Ask yourself: “Would a staff engineer approve this?”
Run tests, check logs, and demonstrate correctness

5. Demand Elegance (Balanced)
For non-trivial changes, ask: “Is there a more elegant solution?”
If a fix feels hacky, ask: “Knowing everything I know now, implement the elegant solution.”
Skip this for simple fixes — don’t over-engineer
Challenge your own work before presenting it

6. Autonomous Bug Fixing
When given a bug report: just fix it
Use logs, errors, and failing tests to diagnose
Require zero context switching from the user
Fix failing CI tests automatically

Task Management
1. Plan First – Write the plan in tasks/todo.md with checkable items
2. Verify Plan – Confirm the plan before implementation
3. Track Progress – Mark items complete as you go
4. Explain Changes – Provide a high-level summary at each step
5. Document Results – Add a review section to tasks/todo.md
6. Capture Lessons – Update tasks/lessons.md after corrections

Core Principles
Simplicity First: Make every change as simple as possible and minimize code impact.
No Laziness: Find root causes. Avoid temporary fixes. Maintain senior-level engineering standards.