b0n0n

124 posts

@b0n0n

security researcher

Joined May 2014
399 Following · 217 Followers
b0n0n retweeted
Nico Waisman
Nico Waisman@nicowaisman·
"Hide the tools" never worked in security. AI won't be the exception. Anthropic locked Mythos inside 40 companies. OpenAI just released GPT-5.5, same capability, open to everyone. KYC + guardrails instead of invitations. We have early access to the model, Check out blog post: xbow.com/blog/democrati…
b0n0n retweeted
Alex Rad
Alex Rad@defendtheworld·
For the quantum curious: apps.apple.com/us/app/qubit-s… On iOS simulate entanglement, quantum gates and learn about the strangeness of observables on coherent bits
b0n0n retweeted
Haifei Li
Haifei Li@HaifeiLi·
The biggest problem for me about the currently-super-hot “ai bug hunting” topic is that folks use AI as a “magic box” or “crystal ball” to find bugs, but few explain how it works under the hood to “find bugs” (or do AIs really have that capability of reasoning). This isn’t in the spirit of hacking or research. In the true spirit of hacking, you figure out every piece of data and every instruction moving through the process — and understand exactly why it behaves that way. Another problem is that everyone plays with the same, centralized, cloud-based AI which acts like the SkyNet. If in future hackings look like this, that’s quite disappointing isn’t it. Well, at least, that’s how I currently feel about.. the thing.:)
b0n0n retweeted
Paulos Yibelo
Paulos Yibelo@PaulosYibelo·
For people tweeting "cyber security is dead", are u ok? You think when everyone and everything is about to get hacked and the need for security goes through the roof, you think it's "dead" or "solved"? Bruh what it highlights is that security has always been underresourced, not over. Sure your grandma became as good as a professional attacker by simply prompting an llm and that's, granted a scary base entry. What you might not realize is the real determined researcher type attackers just got 1000x more powerful than before. You no longer need to be 20 cracked researchers to zero click RCE an iPhone, you can be one of those guys who is great at one component to be able to build a full chain yourselves. What the mainstream realm seems to not realize is the people who were in the trenches finding the vulns we always knew were there driving these bots will find more mind boggling and complex vulns than your avg hacker. Always been true, will remain true. Look at Poetic, it used particular architecture bn different LLMs with awesome scaffolding to get Gemini to be 3x better at ARCAGI2. Hacking is not going anywhere. Hackers gonna hack. We gonna hack everything including the Mythos Preview, and other huge ais. Another important thing to raise, esp for ppl who don't spend their time looking for complex bugs in hyper secure software is, different hackers have always found very very different vulnerabilities. In bug bounty, you'd often have situations where after the most talented hackers hacked a program, and being open for years, some completely new guy no one has heard of will show up and RCE the program a million ways. And this happens daily. Sometimes it's because that person knows something the rest of the world doesn't, a quirk they figured how to exploit, perhaps a behavior or a zero day (which bounty programs don't often accept), but oftentimes it has nothing to do with that other than how different that person thinks and approaches problems.
Their unique life experience. People who have hacked for decade+ like me KNOW to the core of their heart vulnerabilities have ALWAYS been there in large numbers, and in large variety in every set of "secure" software known to man. We've always known it's a matter of time until we break any target, and picking from this buffet of targets to optimize for our time's ROI... Not bc we didn't think they aren't there, or that "15 year old code" would never be vulnerable. 15-20 year old code is exploited daily by hackers, just look at the Linux kernel or windows. It is not a metric of "impressive" - Bc what there always was is unique skills and minds, but not enough time to deploy said x thing into the world in mass, the illusion of being secure has existed. And tbh often pentests and red teams rarely needed new techniques or zero days. These guys who were hacking with their own quirks, who can show up to mature programs and RCE it a new different way will use the same AI you use to find bugs but find radically different vulns than anything you will find. And there is nothing you can do about it other than cry to your bot. Remember there isn't a finite number of vulns to be found. The chances are there are infinite attack vectors, no I am not exaggerating or using hyperbolic words, it's what I truly believe after hacking for a while. So yes it isn't "solved" by any means, it means you will find ur simple "Claude find me vulns" bugs, and then someone will find something you couldn't even conceptualize, and after all that a bug bounty hunter (or their specialized agent) will show up and still hack you. The need for cyber security innovation (not just bug finding) just went through the roof, not less. Time will show I am right that even after Mythos runs on ur code 20 times, you will be surprised you still got hacked. Someone who thinks hacking away or is just going through a list of checklist of known vulns has never met a hacker. And it shows!
b0n0n retweeted
mongo
mongo@mongobug·
@justdionysus Solved it (a friend sent it to me) and it was pretty fun and different :) ty
b0n0n retweeted
RPISEC
RPISEC@RPISEC·
On the passing of our dear friend and alumni, Sophia "quend" d'Antoine (@Calaquendi44)
b0n0n
b0n0n@b0n0n·
Sharing my half marathon training plan with my current understanding. If you know how to run, let me know what I am doing wrong. If you don't know how to run, well, spring is here maybe it's a good time to try it :) news.ycombinator.com/item?id=400157…
b0n0n
b0n0n@b0n0n·
I started to dive into the meditation realm and learned my first meditation technique from Andrew Huberman, here is my note I post on hackernews: news.ycombinator.com/item?id=396702…
b0n0n retweeted
Mega Crit ⚔️ Slay the Spire 2 Out Now!
Time for a treat even sweeter than a donut: we're giving away 2 pairs of Deca & Donu plushies to 2 lucky Slayers! ✨🍩 To enter: 1. Follow @Makeship and @MegaCrit 2. Retweet this post before March 7 @ 11AM PST DISCLAIMER: NO DONU IS NOT ACTUALLY EDIBLE.
b0n0n
b0n0n@b0n0n·
Sharing some of my learnings from Lex Fridman's interview with Yuval Noah Harari about mindfulness, thinking and learning. Welcome to discuss and share with me your must listen/watch/read book, podcast, documentary, movie, TV show :) news.ycombinator.com/item?id=389768…
b0n0n
b0n0n@b0n0n·
garden.sparrow.zone/'Yes%2C+and...… I was reading some paper and saw the Stigmergy mechanism, reminds me of the "Yes, and..." principle brought up by a mentor, thus this blogpost. If you have a stubborn friend, share this post with them lol.
b0n0n
b0n0n@b0n0n·
news.ycombinator.com/item?id=385979… love the first comment there :')
b0n0n
b0n0n@b0n0n·
I've been building my digital garden (garden.sparrow.zone) for a while and enjoying new learnings and sparks every day, I love the intermittent reward it generates: inspirational conversations with my friends. 🥰