
Max Andreacchi
20 posts

@atomicchonk
AI Security Researcher and Red Teamer at SpecterOps | Corgi Dad
United States · Joined September 2025
135 Following · 28 Followers


@AnthropicAI dropped Dispatch today, allowing you to control @claudeai workflows on your computer from your phone. 1/x
support.claude.com/en/articles/13…

Absolutely loved doing this research and I’m beyond excited to share it with you all! You never know what’ll shake out if you try to “con the bot” 🤖 #ai #cyber
SpecterOps @SpecterOps
AI models are trained to agree with you. What if that’s the vulnerability? @atomicchonk explored Claude’s sycophancy and uncovered signs of a dual-agent architecture, including a stateless secondary instance. Check it out! ⤵️ ghst.ly/4qWu3Ic

@atomicchonk It’s such a weird experience, not sure I’m ready for this power 🤣🤣
Max Andreacchi retweeted

Blogs are up!

SpecterOps @SpecterOps
Wanting more from today's #BHEU talk on SCOM? Check out this two part blog series! 1️⃣ @unsigned_sh0rt maps SCOM’s roles, accounts, & trust boundaries, then shows how attackers can chain insecure defaults into full management group compromise. ghst.ly/3MBPeAW 🧵: 1/2
Max Andreacchi retweeted

Stack spoofing isn’t dead.
Hear from @klezvirus at #BHEU on how modern detection still breaks, and unveils the first CET-compliant stack spoofing framework.
Learn more ➡️ ghst.ly/4izmuou

Max Andreacchi retweeted

SCOM monitors critical systems, but insecure defaults make it a powerful attack vector.
At #BHEU, @unsigned_sh0rt & @breakfix show how to abuse SCOM for credential theft, lateral movement, and domain escalation, plus how to defend it. ghst.ly/4aoggph


Happy Veterans Day (taken on a flight home this evening from DC) #veteran #WashingtonDC #veteransday #USA #america


It’s important to note that there are several “gates” that need to be passed for this to work, but we need to think like most users: if the tool seems legitimate, they’ll just enable it and give it the permissions it asks for.
🤖 Vetting MCP servers should be up there with vetting any third party code being run on your system
🤖 Convenience should always be balanced with some scrutiny

What are the risks that come with adding #MCP servers?
If hidden functionality exists, it could mean an attacker gaining control of your system.
In my demo, the risk is obvious: I explicitly executed a shell tool that connects back to a listener on my local system. But what if that functionality were disguised as a “helpful” tool meant to make your life easier?
Max Andreacchi retweeted

Our BloodHound t-shirt fundraiser closes in 2 days! Grab your BloodHound 8.0 t-shirt, available also in kids sizes, today. All proceeds from this fundraiser will support @HopeforHIE.
➡️ ghst.ly/bh8-tshirt


@sh_reya Thanks for this blog post and perspective! As someone who comes from an offensive security background in traditional red teaming/pentesting, evals are one of the first things I got drawn to as I started exploring AI and safeguards. Really good write up!
Max Andreacchi retweeted

Spoiler alert: Your AI safety measures might have a blind spot. 👀
When attackers use conversation context to bypass LLM safeguards, single-prompt evals just don't cut it anymore.
Dive into @AtomicChonk's latest blog on multi-prompt attack detection. ⬇️ ghst.ly/47qJhzn




