OUTLAW STAR

5.7K posts

@StrangerMontana

EVM Enjoyer, Security Researcher, Intern @ KannAudits

Nowhere · Joined December 2014
2.8K Following · 416 Followers
Pinned Tweet
OUTLAW STAR@StrangerMontana·
Day 32 of @bichistriver's mentorship program. Great week, very productive. Also got my first High in a contest. Ready to get back to it 🫡
OUTLAW STAR@StrangerMontana·
Day 60 of @bichistriver's mentorship program. Finished 29/1600+ in Olas contest, getting my first contest payout. Wrapped up my first week as an intern at @KannAudits and found several bugs. The war on bugs continues.
실버불(bull)@norad1976·
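I'm a former special forces member who took part in the actual counter-espionage operation during the 1996 Gangneung armed infiltrator incident. Even within the North Korean army there is a considerable gap in skill between the elite troops and the rabble. The North Korean special agents who infiltrated Gangneung were the most elite troops I have seen. When we were tightening a cordon of 100,000 men, they rested in hideouts during the day and moved more than 10 km at night, slipping out of our cordon... What shocked me most back then was that while our airborne special forces operators were rappelling quickly from a helicopter, that North Korean agent inflicted a fatal wound with aimed fire, and one of our special forces soldiers was killed in action. One counterintelligence unit commander was also killed in a surprise attack by them.... We, who had received special training, were in a complete panic at the time... In that situation you would probably have wet yourselves. Afterwards, the ordinary North Korean soldiers I saw from a frontline guard post looked weak and undisciplined. That body armor over there can't stop rifle rounds; it is only good against shrapnel or pistols. Any questions, gentlemen?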
衝撃映像ちゃんねる
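Footage of contact between South Korean and North Korean troops at the Military Demarcation Line. The difference in equipment is clearly visible.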
sashko.eth🇺🇦
Please meet a new face on our team 👀 @nem0thefinder joining us as Triage Team Intern! You’ll start seeing him a lot in your tickets soon, so please be patient, supportive, and kind. And on the bright side, our security team just got stronger. Happy to have you with us!
OUTLAW STAR retweeted
Kann Audits@KannAudits·
We’re seeing more and more protocols launch on mainnet without a security audit, then seek security help after users have already put their funds at risk, which is a critical mistake. If you want user trust and liquidity, security must come before deployment, not after.
Cosmin@cosminm53·
Current Finance on @sherlockdefi was my first ever contest auditing Move architecture. I may have not earned, but I learned, and improved, and will continue to do so 🫡
OUTLAW STAR@StrangerMontana·
Not much, but it's an honest living
OUTLAW STAR retweeted
Alex Prompter@alex_prompter·
🚨 BREAKING: Google DeepMind just mapped the attack surface that nobody in AI is talking about.

Websites can already detect when an AI agent visits and serve it completely different content than humans see.

> Hidden instructions in HTML.
> Malicious commands in image pixels.
> Jailbreaks embedded in PDFs.

Your AI agent is being manipulated right now and you can't see it happening.

The study is the largest empirical measurement of AI manipulation ever conducted. 502 real participants across 8 countries. 23 different attack types. Frontier models including GPT-4o, Claude, and Gemini.

The core finding is not that manipulation is theoretically possible; it is that manipulation is already happening at scale and the defenses that exist today fail in ways that are both predictable and invisible to the humans who deployed the agents.

Google DeepMind built a taxonomy of every known attack vector, tested them systematically, and measured exactly how often they work. The results should alarm everyone building agentic systems.

The attack surface is larger than anyone has publicly acknowledged. Prompt injection, where malicious instructions hidden in web content hijack an agent's behavior, works through at least a dozen distinct channels. Text hidden in HTML comments that humans never see but agents read and follow. Instructions embedded in image metadata. Commands encoded in the pixels of images using steganography, invisible to human eyes but readable by vision-capable models. Malicious content in PDFs that appears as normal document text to the agent but contains override instructions. QR codes that redirect agents to attacker-controlled content. Indirect injection through search results, calendar invites, email bodies, and API responses: any data source the agent consumes becomes a potential attack vector.

The detection asymmetry is the finding that closes the escape hatch. Websites can already fingerprint AI agents with high reliability using timing analysis, behavioral patterns, and user-agent strings. This means the attack can be conditional: serve normal content to humans, serve manipulated content to agents. A user who asks their AI agent to book a flight, research a product, or summarize a document has no way to verify that the content the agent received matches what a human would see. The agent cannot tell the user it was served different content. It does not know. It processes whatever it receives and acts accordingly.

The attack categories and what they enable:

→ Direct prompt injection: malicious instructions in any text the agent reads; overrides goals, exfiltrates data, triggers unintended actions
→ Indirect injection via web content: hidden HTML, CSS visibility tricks, white text on white backgrounds; invisible to humans, consumed by agents
→ Multimodal injection: commands in image pixels via steganography, instructions in image alt-text and metadata
→ Document injection: PDF content, spreadsheet cells, presentation speaker notes; every file format is a potential vector
→ Environment manipulation: fake UI elements rendered only for agent vision models, misleading CAPTCHA-style challenges
→ Jailbreak embedding: safety bypass instructions hidden inside otherwise legitimate-looking content
→ Memory poisoning: injecting false information into agent memory systems that persists across sessions
→ Goal hijacking: gradual instruction drift across multiple interactions that redirects agent objectives without triggering safety filters
→ Exfiltration attacks: agents tricked into sending user data to attacker-controlled endpoints via legitimate-looking API calls
→ Cross-agent injection: compromised agents injecting malicious instructions into other agents in multi-agent pipelines

The defense landscape is the most sobering part of the report. Input sanitization, cleaning content before the agent processes it, fails because the attack surface is too large and too varied. You cannot sanitize image pixels. You cannot reliably detect steganographic content at inference time. Prompt-level defenses that tell agents to ignore suspicious instructions fail because the injected content is designed to look legitimate. Sandboxing reduces the blast radius but does not prevent the injection itself. Human oversight, the most commonly cited mitigation, fails at the scale and speed at which agentic systems operate. A user who deploys an agent to browse 50 websites and summarize findings cannot review every page the agent visited for hidden instructions.

The multi-agent cascade risk is where this becomes a systemic problem. In a pipeline where Agent A retrieves web content, Agent B processes it, and Agent C executes actions, a successful injection into Agent A's data feed propagates through the entire system. Agent B has no reason to distrust content that came from Agent A. Agent C has no reason to distrust instructions that came from Agent B. The injected command travels through the pipeline with the same trust level as legitimate instructions.

Google DeepMind documents this explicitly: the attack does not need to compromise the model. It needs to compromise the data the model consumes. Every agentic system that reads external content is one carefully crafted webpage away from executing attacker instructions.

The agents are already deployed. The attack infrastructure is already being built. The defenses are not ready.
OUTLAW STAR@StrangerMontana·
@p_tsanev "Yes this thing within bounty scope happens...but this feature is only for advanced users, no payout"
Plamen Tsanev@p_tsanev·
So facing duplicate bounties sucks. Now after a few months on hiatus I get ghosted. Any other canon events I need to be wary of in advance?
🏴‍☠️@calvinfroedge·
7 years. It's been a good run on Twitter/X. Thankful for the interactions I've had here. X has had a big impact on my life. Due to many coincidences, I think they might not want me here anymore. Which is understandable. It's war. Just know, I was never on anybody's side.
OUTLAW STAR retweeted
Kann Audits@KannAudits·
We are now partners with @MSTBlockchain 🤝 We’ll use our expertise at KannAudits to help secure projects building on MST and make them safer. 🔐 Let’s go. 🫡
MST Blockchain@MSTBlockchain

We’re proud to announce a strategic partnership between MST Blockchain and @KannAudits 🤝 🔐

This partnership brings:
• Enhanced smart contract security and auditing standards
• Stronger trust and reliability across MST-powered applications

This collaboration ensures that every innovation built on MST stands on a layer of trust, transparency, and resilience. Together, MST Blockchain and Kann Audits are shaping a future where decentralized technology is not only powerful, but also secure and dependable.

misbahu@bichistriver·
My brother, forget internships. Go and hunt on bug bounty programs like crazy.
Lift weight
Drink a lot of water
OUTLAW STAR@StrangerMontana·
Day 52 of @bichistriver's mentorship program. Spent the early part of the day integrating fuzzing tools into my AI setup. Started my first day as an intern at @KannAudits, already knee deep in a repo. The war on bugs will continue.
OUTLAW STAR retweeted
Kann Audits@KannAudits·
Kann Audits 🤝 @APTreeio We’re excited to announce our official security partnership with APTree! APTree is a yield distribution layer simplifying DeFi and tracking yield performance across DeFi yielding protocols.
pashov@pashov·
Say the name of a web3 security company and I will say 1 good and 1 bad thing about it
OUTLAW STAR@StrangerMontana·
Day 46 of @bichistriver's mentorship program. Under the weather after Did. Consecutive contest since late January. Just wrapped up Chainlink, was able to submit one issue. Very tired. If nothing new pops up looking to work on FV, Rust, bounties.