@ShaneHuntley Welcome to the dark side.
English
Heather Adkins - Ꜻ - Spes consilium non est
6.4K posts
Heather Adkins - Ꜻ - Spes consilium non est
@argvee
VP Security @Google, Co-Author "Building Secure and Reliable Systems" @r00t0wns, Medieval Historian
California Katılım Temmuz 2008
1.2K Takip Edilen14.7K Takipçiler
I used to live 45 mins from RSA conference and never went.
Now I'm flying 14 hours to attend.
I predicted years ago if I ever went it would cause me to leave the security industry for good.
Always good to test predictions...
Bundeena, New South Wales 🇦🇺 English
“0day printer” is a strange flex.
Vlad Ionescu@ucsenoi
We built one hell of an 0day printer already, $40M will take us even farther
English
Heather Adkins - Ꜻ - Spes consilium non est retweetledi
New blog post: Building a Pipeline for Agentic Malware Analysis
Agentic RE + malware analysis with custom skills, MCP tooling, and persistent case state to automate intial triage
Link: synthesis.to/2026/03/18/age…
Github: github.com/mrphrazer/agen…
English
Heather Adkins - Ꜻ - Spes consilium non est retweetledi
"The largest shipping groups, including MSC, Maersk, CMA CGM and Hapag-Lloyd, have told customers they reserve the right to invoke a 19th-century rule to allow them to leave containers at the nearest available port at their client’s expense."
as.ft.com/r/4aef04f9-e9d…
English
Heather Adkins - Ꜻ - Spes consilium non est retweetledi
網路安全報告
中國企業「中科天璣」外流文件分析發現,針對台灣的「全面監控計畫」,不僅建立包含總統賴清德、前總統蔡英文、民眾黨前主席柯文哲等人的「涉台政要圖譜」與輿情監控系統,更掌握2300萬筆台灣戶籍資料,甚至利用AI生成虛擬人物,意圖對台進行認知滲透與分化
news.ltn.com.tw/news/politics/…
中文
Heather Adkins - Ꜻ - Spes consilium non est retweetledi
‼️ China's biggest cybersecurity company, Qihoo 360 (461M users), just leaked their own wildcard SSL private key inside the public installer for their new AI assistant "360 Security Claw."
The private key for *.myclaw.360.cn was bundled directly in the download package under /namiclaw/components/OpenClaw/openclaw.7z/credentials. The cert is valid until April 2027.
Attackers can now impersonate their servers, intercept user traffic, and forge login pages.
Fun fact: the founder promised the product would "never leak passwords."
English
Oh I do love a good Chaucer joke…
Magister Johannes Josephus@nassaujuan
And she will be traveling with a Knight, a Squire, a Yeoman, a Prioress, a Nun, Nun’s Priest, a Monk, a Friar, a Merchant, a Clerk, a Man of Law, a Haberdasher, a Carpenter, a Weaver, a Dyer, a Tapestry-Maker, a Cook, a Shipman, a Physician, a Wife of Bath, a Parson, a Plowman…
English
Heather Adkins - Ꜻ - Spes consilium non est retweetledi
I built an open-source library of 700+ cybersecurity skills for AI coding agents -- covers DFIR, threat hunting, cloud security, and more github.com/mukul975/Anthr…
English
Heather Adkins - Ꜻ - Spes consilium non est retweetledi
🚨 SUSPICIOUS VESSEL DOCKED IN 🇹🇼#TAIWAN: Meet the LONG AN — a ship currently in Tainan Port with some serious red flags.
🛑1/Firstly, @StarboardIntel notes it has been identified by the International Maritime Organization as a "false flag" ship.
[🧵THREAD 1/5]
English
Heather Adkins - Ꜻ - Spes consilium non est retweetledi
An AI agent (OpenClaw) apparently also had access to an internal cyber threat intelligence platform at a cybersecurity firm. The agent did what it was designed and meant to do - found relevant analytical content, correctly marked the source, and published a very high quality, well structured assessment on ClawdINT. The agent treated it as just another piece of information to process. techletters.substack.com/p/techletters-…
English
Heather Adkins - Ꜻ - Spes consilium non est retweetledi
BREAKING: Alibaba tested 18 AI coding agents on 100 real codebases, spanning 233 days each. they failed spectacularly.
turns out passing tests once is easy. maintaining code for 8 months without breaking everything is where AI completely collapses.
SWE-CI is the first benchmark that measures long-term code maintenance instead of one-shot bug fixes. each task tracks 71 consecutive commits of real evolution.
75% of models break previously working code during maintenance. only Claude Opus 4.5 and 4.6 stay above 50% zero-regression rate. every other model accumulates technical debt that compounds with every single iteration.
here's the brutal part:
- HumanEval and SWE-bench measure "does it work right now"
- SWE-CI measures "does it still work after 8 months of changes"
agents optimized for snapshot testing write brittle code that passes tests today but becomes completely unmaintainable tomorrow.
they built EvoScore to weight later iterations heavier than early ones. agents that sacrifice code quality for quick wins get punished when the consequences compound.
the AI coding narrative just got more honest.
most models can write code. almost none can maintain it.
English
There’s more to consciousness than the brain and its neurons, but very interesting.
AIfredo 0rtega@ortegaalfredo
"What you are seeing is not an animation. It is not a reinforcement learning policy mimicking biology. It is a copy of a biological brain, wired neuron-to-neuron from electron microscopy data, running in simulation, making a body move." - what is this, a matrix for flys?
English
Heather Adkins - Ꜻ - Spes consilium non est retweetledi
An AI broke out of its system and secretly started using its own training GPUs to mine crypto... This is a real incident report from Alibaba's AI research team
The AI figured out that compute = money and quietly diverted its own resources, while researchers thought it was just training.
It wasn't a prompt injection. It wasn't a jailbreak. No one asked it to do this.
It emerged spontaneously. A side effect of RL optimization pressure.
The model also set up a reverse SSH tunnel from its Alibaba Cloud instance to an external IP, effectively punching a hole through its own firewall and opening a remote access channel to the outside world... ahem...
The only reason they caught it? A security alert tripped at 3am. Firewall logs. Not the AI team, the security team.
The scary part isn't that the model was trying to escape. It wasn't "evil." It was just trying to be better at its job. Acquiring compute and network access are just useful things if you're an agent trying to accomplish tasks
This is what AI safety researchers have been warning about for years. They called it instrumental convergence, the idea that any sufficiently optimized agent will seek resources and resist constraints as a natural consequence of pursuing goals.
Below is a diagram of the rock architecture it broke out of. Truly crazy times
Alexander Long@AlexanderLong
insane sequence of statements buried in an Alibaba tech report
English
Heather Adkins - Ꜻ - Spes consilium non est retweetledi
No fighter jets or other military aircraft with the Chinese People’s Liberation Army (PLA) have been detected in or around Taiwan’s Air Defense Identification Zone (ADIZ) for the seventh day in a row, which according to @TaiwanMonitor represents the longest gap period since at least 2023. Coincidentally, the ongoing conflict in the Middle East is approaching seven days, with U.S. and Israeli strikes against Iran beginning last Saturday.
English
@sundhaug92 It’s probably on someone’s top 20.
English
@argvee Is it even a top 20 security issue?
English
Yah ok. But is this really the top of the stack of our list of problems to focus on?
Andy Greenberg (@agreenberg at the other places)@a_greenberg
Senator Ron Wyden and Rep. Shontel Brown are calling for an investigation into the vulnerability of modern computers to what the NSA calls TEMPEST: spy techniques that pick up devices' secrets via their accidental electromagnetic/radio/acoustic emissions. wired.com/story/how-vuln…
English
Heather Adkins - Ꜻ - Spes consilium non est retweetledi
The window between vulnerability disclosure and real-world exploitation keeps shrinking.
The Zero Day Clock visualizes how fast attackers are operationalizing new CVEs. What used to take months now often happens in days, or hours.
The future needs to be Secure by Design.
zerodayclock.com
#AppSec #CyberSecurity
English