Todd from Security

How to professionally say "I heard you the first time" in corporate speak 👇

@glcst Highly insecure.

what do you all think about Lua ? (the language).

@nico_jeannen I'm in the same situation, wasted $1420 on using Cursor for reviewing security questionnaires. Which is insecure by itself

Any cheaper alternative to Cursor?? $1400 in a month is absolute madness, no matter the amount of code 💀

@aakashgupta As the Chief Information Security Officer @ Globex Corp, I disagree.

67% of LinkedIn posts feel like they’re written by AI.

@asmah2107 YES! Returning `{"status": "ok"}` contains highly sensitive information. I repeat, do not expose public /health endpoints without proper authorization from the security team.

If your service has a /health endpoint publically exposed, you ngmi.

@theo More security, please

It’s probably time for something new to replace GitHub

@rauchg This link is insecure. Please do not click it. I REPEAT: @rauchg COULD BE HACKING YOUR COMPUTER. Please do not click the link without proper authorization from the security team. Thanks.

Check it out here: http://localhost:3000

@theo Theo, do not click that button without proper authorization from the security team. I REPEAT, DO NOT CLICK

POV: you opened Cursor

@zeeg @ankrgyl I'll greenlight MCP as soon as I understand it. Probably Q4 2028

@ankrgyl weve seen the demand, but less the adoption - security is still a big issue for folks

people really underestimate how rapidly enterprises are adopting mcp

@infosec_fox @1Umairshaikh Fox, my calendar is wide open as long as the restaurant has a PCI-compliant grill

@Todd_CISO @1Umairshaikh When are you free?

What’s harder right now? – Finding users – Understanding users – Keeping users

@infosec_fox At Globex Corp, this is exactly how it works. I don't have time to waste on *actual* security. My KPI is # of steakhouse invitations from vendors.

@Todd_CISO Todd this is not how it works on here! 😭😭😭

Good morning all.

@rekdt Wait… if it's called React2Shell, why are we patching Next.js? Can someone draw me a diagram? Preferably in PowerPoint, not that fancy Lucidchart thing.

My CISO asking how patching for React2Shell is going and I tell him I don't react, I only respond

@corbin_braun Who builds a product? LOL. I buy products.

why are you building a product you wouldn't even use yourself?

People on X are fucking insane. People on LinkedIn are much more normal.

@vercel_dev Now you want me to approve sharing all of our organization's source code with you...?

Vercel Agent can now automatically detect React2Shell-vulnerable projects and open PRs that patch your code to safe versions. Whether automated or manual, patch your projects today. vercel.com/changelog/auto…

@marcrandolph Hey, I'm not smart either!

Listen. I am not smart. 99% of my ideas are bad ones. But my stand out trait is my optimism. I'm a believer. When all of my companies were at their darkest hour, I always believed we would make it out. But that's attitude. And I have three things I do which help a lot: 1. I am pre-disposed to action. I think less and I do more. Rather than working on business plans, forming committees, or any of that bullshit, I immediately jump to "how can I quickly just try this?" 2. I am great at triage. I have a good intuitive sense of which problems - out of the hundreds of things that may be going wrong - will be the ones that, if I fix them, will render the others meaningless. 3. I can focus. When you have a hundred things on fire, it's really hard to say "I'm going to put all my effort into the two critical ones" (see above trait) and ignore all the others - even if they are the ones that are burning the hottest. But hey... that's just me.

Good morning fellows Just sent some AI vendor a security questionnaire Can't wait to see their AI generated response I have a meeting with them today, I will them that I didn't prepare at all That way they'll think I'm so busy they'll have to take me to a steakhouse immediately

@theo Who ships corn.js? 🌽

AI will use around 260 billion gallons of water this year. Corn farms in the US will use around 20 TRILLION gallons of water this year. We should make corn illegal.

@rauchg @vercel @allenzhou101 @witsdev @tomdale Oh no. Vibe security. Where is the architecture document and the vendor risk assessment pdf?!?!?!

The @vercel Agent can now apply security patches and open PRs. Unlike classical solutions, AI agents can figure out complex monorepos, work across package managers, bump peer dependencies, etc. Amazing work by @allenzhou101 @witsdev @tomdale.