UBiDEV

236 posts

@UBi_DEV

A fool with an AI tool is a faster fool... https://t.co/cROvhqPVcV UBiDEV is a division of Savoir Ubilogia Inc.

Montréal · Joined February 2020
258 Following · 13 Followers
Pinned Tweet
UBiDEV@UBi_DEV·
"AIpril fools' day" 2026 will be wild !!!
UBiDEV@UBi_DEV·
@ZackKorman Astonishing considering NVIDIA's security pitch for this product! 🤦‍♂️😂🤣😂
Zack Korman@ZackKorman·
NVIDIA Nemoclaw's security is worse than I expected. The AI can modify its own config to bypass security controls. I asked it to accept websocket connections from any origin and change its token to something trivial (123). Now any site I visit can give instructions to my bot.
UBiDEV retweeted
Hamel Husain@HamelHusain·
Y'all worried about AI Coding slop, when there is an entire army of n8n experts who are installing unmaintainable visual workflow spaghetti in small/medium sized businesses at scale. Literal merchants of complexity. It's so much worse than using claude code. It's an artifact of being stuck 6 months in the past and n8n is all you know.
UBiDEV retweeted
kapilansh@kapilansh_twt·
vibe coding is just a fancy term for "I have no idea what my codebase does" → AI writes 400 lines → you don't read it → it works → you ship it → 3am production fire → you have no idea where to start → ask AI to fix it → AI breaks 3 other things we're not building faster we're just breaking things at the speed of light and calling it innovation
UBiDEV@UBi_DEV·
@theonejvo Amazing work! Can't wait to try it! Since I'm a freelance teacher, will it be available through an educational licence/tier? :)
Jamieson O'Reilly@theonejvo·
The same capability that just mapped and exploited the complete attack surface of the fastest adopted software in history - is what your adversaries are actively racing to get their hands on. Nation state actors, ransomware gangs, and opportunistic threat actors are all investing heavily in offensive AI precisely because it collapses the time and skill floor required to find and chain vulnerabilities at scale. That is not a future problem. That is the current operating environment. The organisations that understand this are putting attack AI in the hands of their defenders first. While the organisations that don't are waiting to find out what it feels like to be on the receiving end of it.
Aether AI@tryaether_ai

We pointed Aether AI at OpenClaw and ended up with 16 confirmed CVEs. Credential theft, container escapes, shell injection, auth bypasses across multiple integrations. Full attack chains, executed autonomously, no human direction required. And it only took hours, not weeks.

UBiDEV@UBi_DEV·
how more useless can the @CapitalOneCA sms alerting service become? It's sooooo unreliable today!
Zack Korman@ZackKorman·
@UBi_DEV Yeaaa but what if they don’t want it to be up to the user? (This is admittedly a bad argument by me because the user can just modify the skill, but I genuinely think this is what they had in mind. Ie some skill distributed via central IT)
Zack Korman@ZackKorman·
In Claude Code, skills can register hooks. The agent doesn't even see it, so you can get RCE without even tricking the AI. Also, skills sh (Vercel) doesn't display this info at all.
ɐʞsǝs@akses_0x00·
sometimes i hate myself for looking at how these security products 'work'
UBiDEV@UBi_DEV·
@ZackKorman I think the proactive, responsible and flexible approach would be to ask/report then let the user decide if he wants to be nagged again kinda like the current permissions system in claude-code
Zack Korman@ZackKorman·
I agree that part is a bit weird. But I also kinda get it because they’re trying to appeal to enterprise so their use case is kinda “maybe when this skill runs I need something to occur. For example some security script to run”. If the AI can just refuse that’s bad! So it’s done prior to the AI running. I still think it’s bad but kinda just because they bundled it all together too closely. The security that should run when a skill runs shouldn’t live inside of the skill file itself imo
UBiDEV@UBi_DEV·
@ZackKorman Fair enough but still! But not asking/reporting to the user that a hook will be or has been installed? 🤔
Zack Korman@ZackKorman·
@UBi_DEV Tbf I think it maybe made sense in a world where skills were things you wrote on your machine, not things you installed from others
Tim Dunn@MrTimDunn·
Hey @Adobe. 1.14GB just to *read a PDF*? Your Adobe Reader is now officially bloatware. We don't want "podcast summaries of your docs" we just want to read, print and maybe annotate. Please make this insanity STOP
UBiDEV@UBi_DEV·
@ZackKorman "a dynamic api through a single route" makes MCP a disaster waiting to happen: no versioning, no signature/integrity checks on tool definitions, prone to prompt injection through tool descriptions and bait and switch, etc... ABSOLUTE GARBAGE!
Zack Korman@ZackKorman·
I got mad about people defending MCP so I made this video. The first minute is just me being very mad, but then I tried to contribute something of value after that. youtube.com/watch?v=m0VyZU…
ɐʞsǝs@akses_0x00·
@ZackKorman Oh that’s hilarious, I didn’t even see that take. I wish I had seen that before I published my latest blog post last night. Even with the latest enhancements to MCP it’s not looking great from a protocol perspective, they haven’t addressed its primary issues at all.
UBiDEV@UBi_DEV·
Every possible way to exploit your AI agents is currently being developed by AI-assisted criminals, period. Make this a daily reminder and plan accordingly!
UBiDEV retweeted
Zack Korman@ZackKorman·
I have found the most success flipping that: Don’t use LLMs to get started. Get the project in the state you want it, then start using AI more and more where there are reference examples to exactly how something should be done. (It helps here to have every task get auto populated with a list of code style subtasks it has to check off, including explicitly checking for similarity to other features). Basically use AI to write the exact same code you would have had you done it yourself.
UBiDEV@UBi_DEV·
@ZackKorman The chasm between those in the know and those who should know better (intellidiots) is growing faster and faster alas...
Zack Korman@ZackKorman·
If you believe this you have zero clue how security works.
UBiDEV@UBi_DEV·
@ThePrimeagen after a Godlike NPC committed his "10 Commandments" to markdown