RustyRabbit

2.2K posts

@_RustyRabbit

non fungible dad security researcher

Joined April 2018
1.1K Following, 340 Followers
RustyRabbit retweeted
Kiru survival arc@0xKiruse·
@banteg
>it's too powerful to release!
>5 supply chain attacks
>3 exploits on linux
>5 exploits on windows
>github compromised
>all within 2 months
brothers idgaf if it's "too powerful" obv the other side is ahead of the race already 😭
RustyRabbit@_RustyRabbit·
@MemoryReboot_ A more apt analogy is the Mac is a Mercedes van on the Nordschleife and the GPU based system is a hot hatch running on the same track. The hot hatch is faster but it isn't carrying the same load.
Mass@MemoryReboot_·
Why Mac Studio is a trap for local AI
- Large unified memory looks sexy on paper
- Great for chatbots, terrible for 24/7 tool calling workflows
- No CUDA = no vLLM, no SGLang, no tensor parallel
- $10k plus for a dead end box you can't upgrade
It's like owning a Porsche with a 100 km/h top speed
RustyRabbit@_RustyRabbit·
@hrkrshnn What is needed is policy driven decision. Biggest problem is probably how do you express the rules when the actions are by nature ambiguous and situational.
Hari@hrkrshnn·
If you believe human in the loop is the future of AI, what config do you run Claude?
1. It asks permissions for everything; I approve all runs
2. --dangerously-skip-permissions
RustyRabbit retweeted
LonelySloth@lonelysloth_sec·
You think there's been lots of hacks? There are companies right now replacing software that was working perfectly well for years, that we can inspect and find bugs in... with "agents" we can't inspect, commanded by prompts that influence its output in ways we can't map, and that are mathematically incapable of separating instructions from untrusted data. All of that for 1,000,000,000x the compute cost, and an error rate orders of magnitude worse than before. Since businesses now apparently exist to be AI customers and justify AI valuations instead of providing products and making profits, you can expect the trend to keep going for a while.
RustyRabbit@_RustyRabbit·
@PatrickAlphaC I keep asking myself "what the hell is DPRK doing better than we are, and what can we do or how can we organize ourselves to beat them". Still haven't found what I'm looking for.
Patrick Collins@PatrickAlphaC·
We live in a time between times. The hackers have incredible technology to find bugs quicker than the defenses can put up. These are the biggest public hacks I think I’ve ever seen since getting into security. This has to change. We need to use the same tools as defense.
RustyRabbit retweeted
banteg@banteg·
layerzero attack was not rpc poisoning
in networking poisoning is when the attacker outside the trust boundary taints a shared lookup (dns, arp, cache). the consumer has no reason to distrust the source. this was not that.
the attackers got inside layerzero's trust boundary. they accessed the rpc list, compromised two nodes the dvn depended on, and swapped the op-geth binaries. that's an infra breach within the perimeter. supply-chain shaped, not network shaped.
and the payload was surgical. the malicious binary cloaked by ip, served forged payload only to the dvn, told the truth to scan and every other caller, then self-destructed to wipe logs and binaries.
rpc poisoning makes it sound like something that happened to the infra from the outside. the real story is a targeted implant operating inside the trust boundary. that's a meaningfully scarier attack than the label suggests.
RustyRabbit@_RustyRabbit·
@koeppelmann @lex_node Isn't a "security council" just another form of government though? Maybe a good way of looking at it is that you choose the government you enter into when bridging to an L2. We do however need clear expectations as to the boundaries regarding socializing bad debt across bridges.
koeppelmann@koeppelmann·
hm... I still think there is "territory" between "Bitcoin/Ethereum" on the one end of the spectrum and on the other end of the spectrum following e.g. OFAC that is clearly used as a political instrument (of sometimes understandable but also sometimes random US interests): see e.g.: lemonde.fr/en/opinion/art… So yeah, I would wish that "we" (e.g. a chain like Gnosis or Arbitrum) can develop some form of arbitration system ("security council") that at the same time does not need to bow to OFAC but also can decide to lock out dprk hackers.
koeppelmann@koeppelmann·
For a long time, I was running around telling people, “L2s are not Ethereum.” I was right, but also wrong. I was right because they actually are not. But I was wrong because I believed there should be more systems like Ethereum. Now I think it’s great that Ethereum exists as the neutral base layer, while L2s should be opinionated layers on top. And they are now starting to make that explicit.
RustyRabbit@_RustyRabbit·
@tayvano_ Yeah not only spoof the primary rpc, but also DoSsing the secondary.
RustyRabbit@_RustyRabbit·
@banteg Could 308 (and 309) have been reorged out at Unichain side?
banteg@banteg·
it's really crazy that layerzero doesn't have some redundant sanity check and allows to bridge 116,500 rseth from a chain with a supply of 49
anyway here is my investigation gist.github.com/banteg/705d028…
RustyRabbit@_RustyRabbit·
@storming0x @banteg I was wondering how they'd go from "our next model is so sophisticated we have to censor it" to this our next public model. I guess the word is neutered.
stormblessed🌩️ 💡 🗃️
Hit this running my normal security review workflow with claude on the new Opus. Have run similar workflows several times with previous opus models with no issues. New opus needs to chill a bit, these are not even confirmed findings just the initial leads 🤷
RustyRabbit retweeted
Nick Percoco@c7five·
Kraken Security Update
We are currently being extorted by a criminal group threatening to release videos of our internal systems with client data shown if we do not comply with their demands.
It’s important to start with the most important points: our systems were never breached; funds were never at risk; we will not pay these criminals; we will not ever negotiate with bad actors.
Kraken identified and shut down two instances of inappropriate access to limited client support data.
In February 2025, we received a tip from a trusted source regarding a video shared on a criminal forum that appeared to show access to our client support systems. We immediately launched an investigation and quickly identified the individual involved as a member of our support team. Their access was revoked immediately, a full investigation was conducted, additional security controls were put in place and a limited number of affected clients were notified.
Since then, we have been collaborating with industry partners and law enforcement to investigate and disrupt insider recruitment efforts targeting not only crypto companies, but also gaming and telecommunications organizations.
More recently, we received another tip, along with a new video showing similar activity. We quickly identified the individual involved and terminated their access. As before, we acted immediately to revoke access, conduct a full investigation, and notify the small number of affected clients.
Across both incidents, only a very small number of client accounts were potentially viewed - approximately 2,000 in total (0.02% of clients).
Shortly after access was terminated, we began receiving extortion demands. The criminals threatened to distribute materials from both the February 2025 incident and the recent incident to media outlets and on social media if we did not comply. We will not pay these criminals.
Based on intelligence gathered across both incidents, along with extensive ongoing analysis, we believe there is sufficient evidence to support the identification and arrest of those responsible. We are actively working with federal law enforcement across multiple jurisdictions to pursue all individuals involved and bring them to justice.
Due to the ongoing investigation, we cannot share additional details at this time. However, anyone with relevant information is encouraged to contact us directly.
The security of our clients is our highest priority, and we remain fully committed to combating the growing global threat of insider recruitment and constantly enhancing our security practices to combat new threats.
Note: If you are a client potentially affected by this, you've already been notified.
RustyRabbit@_RustyRabbit·
@PatrickAlphaC What about an unrelated standalone mobile app acting as a proxy to scan the qr code, do the nested decoding and present it to the hardware wallet (instead of it directly scanning from MM)? Wondering if it's possible to create a snap that sends it to the app via WalletConnect
Patrick Collins@PatrickAlphaC·
We need to talk about hardware wallets.
1. If you have one, you're probably signing transactions without checking calldata.
2. If you don't have one, you're more susceptible to hacks.
One of these needs to change.
RustyRabbit@_RustyRabbit·
@0xRajeev Increased occurrence of high profile attacks always meant security budgets increased the years after.
RajΞΞv@0xRajeev·
I got into cybersecurity circa '99, starting with my grad school research. Since then, I've worked on different aspects of security in academic research, corporate R&D, startups and for the last decade in crypto. As cybersecurity practitioners, we've always known that things will get much worse before it gets better. However, the attack surface only keeps getting bigger and so we're yet to get better overall. Certainly feels like we're revisiting many of the same challenges, and even bigger ones in web3 security with tokenized assets, self-custody, immutability, Byzantine threat model and decentralized governance.
RustyRabbit retweeted
Andrej Karpathy@karpathy·
- Drafted a blog post
- Used an LLM to meticulously improve the argument over 4 hours.
- Wow, feeling great, it’s so convincing!
- Fun idea let’s ask it to argue the opposite.
- LLM demolishes the entire argument and convinces me that the opposite is in fact true.
- lol
The LLMs may elicit an opinion when asked but are extremely competent in arguing almost any direction. This is actually super useful as a tool for forming your own opinions, just make sure to ask different directions and be careful with the sycophancy.
RustyRabbit retweeted
Pashov Audit Group@PashovAuditGrp·
security auditors only have 5 moods:
1. fk I hit the Claude limit again
2. how we gonna get rich
3. random 2 am motivation
4. intense loneliness
5. my family needs me
RustyRabbit retweeted
Hari@hrkrshnn·
"The language models we have now are the most significant thing to happen to security since the beginning of the internet". Nicholas Carlini from Anthropic. Full video below:
Dacian@DevDacian·
How many salaries are you responsible for paying on a regular basis? Are you providing the livelihoods for 20-30 people on an ongoing basis? If you are just a solo independent act it is easy to talk smack and want everything for free. Why doesn't Cantina open-source their AI and give away their edge? @hrkrshnn
nisedo@nisedo_·
Fuzzing a codebase from scratch takes hours of setup
What if it took 1 command?
Echidna/Medusa harness + basic invariants, auto-generated for ANY Foundry project
Soon™
RustyRabbit retweeted
Josselin Feist@Montyly·
These days, in almost all my discussions I get asked what I think about AI and the future of security, so I figured I should share it here
Short version: I try not to have a strong opinion yet. We are clearly in a transition phase, and outside of people working directly on foundation models, no one really has a solid view of where this is going
Over the past months, LLMs improved a lot. The releases at the end of 2025 were a real step change. In practice, most people I know (myself included) have barely written code in the past 2-3 months. For security, we went from "this is fun" to "this is actually useful"
Right now, the best mental model I have is that we effectively jumped from having no tooling to having an advanced static analyzer or fuzzer. A lot of bugs that used to take time to find can now be surfaced quickly
Does that mean security researchers disappear in 2 years? Based on today’s tech, I do not think so. There are a lot of bugs to be found. Some are found by humans, some by traditional techniques, and now some by LLMs. But it does not mean all bugs get found. If anything, history suggests there are always more bugs than anyone expects, and that gap does not go away easily
The real question is: do LLMs get another capability jump, or just steady iteration? There are reasonable arguments both ways. To be honest, I do not have enough understanding of how these models evolve to have a confident answer. And anyone giving a very definite answer is probably overconfident, unless they are working directly on the models
Depending on that, the role of security researchers could change a lot, including the way we work. The demand could decrease if models get very strong at finding bugs. But it could also increase if the amount of code grows faster than the models’ ability to reason about it. We could even end up with a shortage of experienced researchers in a few years if fewer juniors enter the field while seniors move elsewhere. It is hard to predict because everything depends on how model capabilities evolve
On the business side, I am skeptical about "AI audit as a service". If models keep improving, it is hard to see how these companies compete with native offerings from OpenAI or Anthropic. Especially if those providers stop exposing raw capabilities and push everyone into their own products. I tried codex security, and while it is not perfect, it is clear where this is going. Mythos / Capybara seem to be around the corner, and it will be interesting to see how far it goes
My current bet is that within a few months, tools like codex or claude security will be great at finding blockchain issues, and they will integrate directly into most dev pipelines. At that point, the marginal value of an extra "AI audit SaaS" becomes limited
So what to do as a security researcher? Be adaptive. This is a transition period, and things will likely move fast in 2026. Stay curious, and keep working on skills that give you an edge. Regularly reassess where you are strong or weak, and where AI helps you versus where it replaces you. If you like challenges, see AI as one that pushes you to improve
Also, be careful with what people call "cognitive debt" or "brain rot". I was skeptical at first, but I do see it now. The more I rely on LLMs during an audit, the more I lose part of the intuition that I normally build while going deep into code. That intuition is still critical to find complex bugs. I have not found the right balance yet, but it is something to watch
It probably makes sense to revisit your view on LLMs every 3-6 months. I have already been wrong a few times on this, and I am fine with that, as long as I don’t get locked into a fixed view
Finally, a lot of people focus on the downside for security researchers. But there are also upsides. I can explore codebases much faster, build custom tooling easily, and spend less time on boring tasks. Maybe it’s my last few years/months as a security researcher, maybe not. But at least LLMs let me have some fun before doomsday 😅