Behlül ⛧

Cobbled together a supply chain monitoring system last week: Cursor+Composer-2-fast harness on live package diffs (pypi+npm). Simple! Received a slack alert within minutes of Axios compromise. Reported to the devs after triple checking, because at first I could not believe it!

@batuhan_katirci kaç ton litre gittiyse helal olsun asbkdjaısf

We’re introducing Dynamic Workers, which allow you to execute AI-generated code in secure, lightweight isolates. This approach is 100 times faster than traditional containers. cfl.re/4c2NvPl

Not often you see plain text passwords these days! The source code of baydoner.com is interesting too 🤷‍♂️

Introducing Code Review, a new feature for Claude Code. When a PR opens, Claude dispatches a team of agents to hunt for bugs.

Patch Diff to SYSTEM - using LLMs to exploit a LPE vuln on Windows. More importantly, some thoughts on model capabilities the implications on our security industry elastic.co/security-labs/…

Re: AI finding bugs.. Folks used to use CPUs to run fuzzers to find bugs, now they use GPUs to run models to find bugs. It’s essentially another way of fuzzing. A verifying process is built upon the nondeterministic output by fuzzer or AI. But there’re some differences: An individual researcher can do fuzzing at home and find serious bugs - I’ve been doing it for long time, the ROI is very good if you “fuzzing it right”. Now serious AI bug finding seems can only be performed by resource-rich companies.. What’s the ROI of AI bug findings? Can it be improved in future eg. the ROI can be very good if you “prompting it right”, or when “the model is good enough and using it is cheap enough”?

My new favorite insult is calling someone’s job a Claude skill.

hay ananı ya şimdi de biz işsiz kaldık

anthropic vs openai is like kendrick vs drake but for nerds

[453094710][reward: $250000] Out-of-bound read in the jmp table of ActiveMediaSessionController leads to sandbox escape. crbug.com/453094710

Her hafta hem içerik kalitesini hem de çekim ve prodüksiyon süreçlerini adım adım daha iyi hale getiriyoruz. Bu hafta 3. bölümünü paylaşıyor olacağız. Takip ederek bölümleri kaçırmamanızı tavsiye ederim. 🎧 Spotify: open.spotify.com/episode/5KSOio… 📺 YouTube: youtube.com/watch?v=ePghH7…

github.com/HacktronAI/ski… You are looking at 200k in WAF bypasses.

sick

sığğğğğ

Hacktron Research is leading in @vercel react2shell WAF challenge with $150,000 in bounties. This is the shit that keeps me up. building @HacktronAI to bring the best of hackers and AI together, and to be in the loop when hacks like this happen or find before they happen. your goodhart's-law-optimized “completely autonomous AI pentester” isn’t doing this shit. it's too busy selling snake oil.