Robert Pritchard

15.8K posts

Robert Pritchard

@TheCyberSecExp

Cyber security nerd. Former UK gov cyber security. Security consultant & capacity builder. RUSI Associate Fellow. Creator of Soothsayer

Katılım Ekim 2013

3K Takip Edilen2.7K Takipçiler

Robert Pritchard retweetledi

Zack Korman@ZackKorman·19h

NVIDIA Nemoclaw's security is worse than I expected. The AI can modify its own config to bypass security controls. I asked it to accept websocket connections from any origin and change its token to something trivial (123). Now any site I visit can give instructions to my bot.

English

575

54.4K

Robert Pritchard@TheCyberSecExp·20h

@shashj @JEyal_RUSI The culprit: garmin.com/fr-FR/p/182864…

English

Shashank Joshi@shashj·22h

When I joined The Economist almost eight years ago, I submitted a sample article. It was on Strava revealing the location of US special forces bases and other sensitive sites. Every since then there has been at least one of these incidents each year. x.com/shashj/status/…

Shashank Joshi@shashj

'France says it’s taking “appropriate measures” after a naval officer’s use of the Strava exercise app inadvertently enabled journalists to geolocate the aircraft carrier Charles de Gaulle' washingtonpost.com/world/2026/03/…

English

281

17.7K

Shashank Joshi@shashj·22h

English

418

77.9K

Robert Pritchard retweetledi

MikeTalonNYC@MikeTalonNYC·2d

Heads up, DownDetector is reporting CloudFlare is barfing hard right now. Expect outages and other issues across most of the damn Internet for a while.

English

111

Robert Pritchard@TheCyberSecExp·4d

@ZackKorman The prompt just says: ****BE SECURE****

English

Zack Korman@ZackKorman·4d

If you believe this you have zero clue how security works.

English

747

24.6K

Robert Pritchard@TheCyberSecExp·4d

@mikenelson586 @maggiemphillips

GIF

QME

Mike Nelson@mikenelson586·5d

@maggiemphillips So, not curtains for Zogu?

English

356

Maggie Phillips@maggiemphillips·5d

Princess Blerta will bear the family name of Zogu!

Princ Leka@princeleka

Happily married!

English

816

Robert Pritchard@TheCyberSecExp·5d

@UK_Daniel_Card To painful to make it through all the six minutes. I am quite worried about these mega agents though

English

452

mRr3b00t@UK_Daniel_Card·5d

what the fuck are they talking about.... LOL

Molly O’Shea@MollySOShea

In 6 minutes, Gili Raanan (@giliraanan), the foremost expert on cybersecurity, explains why we're all f*cked.

English

12.5K

Robert Pritchard@TheCyberSecExp·14 Mar

@ZackKorman My feeling (and hence advice) on this was a) make sure you stay within the law (ie have done gdpr due diligence) and b) how forward leaning are you compared to your competitors, and hence how bad is it the AI provider gets pwned or misuses the data?

English

Zack Korman@ZackKorman·13 Mar

Of all the AI security risks, vendors training on your data is one of the least scary. It’s just the one CISOs focus on most because it’s the easiest to understand and solve.

English

Robert Pritchard@TheCyberSecExp·12 Mar

How your email finds me

AFP News Agency@AFP

North Korea unveils image of leader's teenage daughter firing pistol - once again stoking speculation she is being groomed as heir u.afp.com/SLw5

English

143

Robert Pritchard@TheCyberSecExp·12 Mar

@ZackKorman I think you even overstate it! 'There's a file on my machine which contains text which asks it not to do anything bad'

English

Zack Korman@ZackKorman·12 Mar

“I gave an AI agent the ability to read and write to any file on my machine, but don’t worry, there’s a file on my machine that stops it from doing anything bad.” Half of AI agent security is simply internalizing how dumb that is.

English

162

5.8K

Robert Pritchard@TheCyberSecExp·12 Mar

@GazTheJourno Send one over and I’ll take a look. Forward it as an attachment (you click the three little dots I think - can check when at my desk). Will pm email

English

Gareth Corfield@GazTheJourno·12 Mar

Sample screenshot:

English

316

Gareth Corfield@GazTheJourno·12 Mar

Infosec bods, help! My inbox is filling up with semi-targeted crud that feels very much like a threat actor. Hallmarks: Emails that look like press releases. Sender names that are always a female name and initial, e.g. Dani K URLs that are always three words... 1/x 🧵

English

992

Robert Pritchard@TheCyberSecExp·12 Mar

@AlexMartin Having read the story now it feels like a questionable prosecution given his mental state.

English

416

Alex Martin@AlexMartin·12 Mar

Chap's given himself an awfully unfortunate job title on LinkedIn.

English

7.3K

Robert Pritchard@TheCyberSecExp·11 Mar

@IceSolst @georgiaweidman I know of one incidence where it worked and the target went out and bought the apple vouchers or whatever they were.

English

solst/ICE of Astarte@IceSolst·11 Mar

@georgiaweidman There’s a super common scam where they pose as the CEO (scraped from LinkedIn) and reach out to folks “hey do you have a minute”, and for the vast majority of people, this is a psa, since they don’t typically interact

English

281

solst/ICE of Astarte@IceSolst·10 Mar

Your CEO is NOT reaching out to your goofy ass on WhatsApp/text/email, it’s a scam, and they keep doing it because it works

English

289

14.6K

Robert Pritchard@TheCyberSecExp·11 Mar

@lishadawn @sweetdelightss The other thing to remember is that whatever the thing was, it looms much larger in your mind than anyone else's.

English

alicia 👩🏻‍💻@lishadawn·11 Mar

@TheCyberSecExp @sweetdelightss Yeah, I think you’re right. I think most of us care too much. I need to find the balance between beating myself up and realizing that cybersecurity is a field where mistakes are going to happen. But ugh, they suck

English

Stacey✨@sweetdelightss·11 Mar

The most painful part of security is getting something wrong and still having the wherewithal to get over your embarrassment and learn from it and still deliver. I swear some people don’t seem to have this issue and recover instantaneously. …weirdos

English

3.7K

Robert Pritchard@TheCyberSecExp·11 Mar

@lishadawn @sweetdelightss I think the number of people who really just let stuff roll off is fairly small (I hope anyway!). But you need to find a way not to beat yourself up constantly. For me I tell myself there’s literally nothing to be done other than making sure I don’t do whatever it was again.

English

alicia 👩🏻‍💻@lishadawn·11 Mar

@sweetdelightss I had a miss about a month ago that I’m still feeling like shit about. I don’t know how people just let it roll off them. I wish I could

English

Robert Pritchard@TheCyberSecExp·11 Mar

@sweetdelightss It’s not easy but all you can do is learn from it and promise yourself you won’t make that mistake again.

English

Robert Pritchard@TheCyberSecExp·10 Mar

@ZackKorman @IceSolst Compliance has become a thing for its own sake, with divergent goals from actually being secure. No one accepts any of the 'standards' but you still have to have one of them anyway, and then as Zac says you get more questions anyway which achieve equally nothing

English

Zack Korman@ZackKorman·10 Mar

@IceSolst This is the core problem. People say SOC2 or ISO27001 mean nothing and then try to run their own mini audit that…. Is SOC2 or ISO27001 but worse. These standards are bad because the problem of verifying security is difficult. So “roll your own vendor review” isn’t solving it

English

1.5K

solst/ICE of Astarte@IceSolst·10 Mar

SOC2 is a massive waste of time. Theater, a self-assessment of your own policies. If you hand me a SOC2 report, it means nothing to me. So companies get around by sending you their own 200-line questionnaire… making it an even bigger waste of time. Kill all auditing.

English

331

18.7K

Robert Pritchard@TheCyberSecExp·6 Mar

This seems suboptimal

English

Robert Pritchard@TheCyberSecExp·4 Mar

@ZackKorman @techspence @dasgrog I've been trying to be a bit more present on there because I think it is useful, but I do agree. You can just say anything and people will cheer you on.

English

Zack Korman@ZackKorman·4 Mar

@techspence @dasgrog I genuinely mean it, the quality of posts on LinkedIn is so bad. And even if you call it out it doesn’t matter. People just keep on liking the trash

English

255

Zack Korman@ZackKorman·4 Mar

I went ahead and posted the LinkedIn version of this.

solst/ICE of Astarte@IceSolst

There’s an astronomical skill gap between good security people, and the rest. There’s no mid. Accounts you see posting their research here are absolutely cracked, it’s not the norm. When you go out and talk to security folks that don’t go to conferences, don’t read up on research, you realize- holy shit. They have no fucking clue. The majority of the cybersecurity work force is absolutely incompetent. It’s partly why vendors can come up with inane bullshit as marketing material and it works on many CISOs. If you’re reading this, you’re most likely 1000x the skill level of the average person. Like I cannot emphasize enough how low the bar is when the sample size is the entire industry.

English

181

17.2K

Robert Pritchard@TheCyberSecExp·2 Mar

@kmcnam1 Close tabs?

English

sudox@kmcnam1·2 Mar

ZXX

193

3.3K

Robert Pritchard retweetledi

Darth Putin@DarthPutinKGB·27 Şub

OTD in 2015 Boris Nemtsov shot himself in the back 4 times by the CIA a few hundred yards from the Kremlin. In unrelated events, he had just written a detailed report about how Russia had invaded Ukraine & said we would make them enemies forever...

English

279

1.6K

23.1K

Keşfet

@shashj @JEyal_RUSI @ZackKorman @mikenelson586 @maggiemphillips @UK_Daniel_Card @GazTheJourno @elonmusk