Apoorva Giri

1.2K posts

@cedricfanapoo

information security enthusiast among other things @infosecgirls

Bengaluru Joined October 2011
1.2K Following 1.1K Followers
Apoorva Giri@cedricfanapoo·
@IndianOilcl @PetroleumMin And it is not like I had trouble for just this refill, even the previous one. I went as far as complaining on official portals of Indane and even CPGrams @cpgrams , the complaints got closed, stating "issue resolved". On paper everything is smooth, reality is starkly different!
Apoorva Giri@cedricfanapoo·
@IndianOilcl @PetroleumMin Waited in line for 30 mins. All landlines of the office have been disconnected. Go to counter 1, employee refuses to generate a bill. Wait and go to speak to the owner in the inner cabin, owner asks to call on his cell after a few days. Tell me again @IndianOilcl all is well??
Apoorva Giri@cedricfanapoo·
This is what a line in front of the gas agency looks like. @karnataka_ioc @indane_gas They tell us don't panic, claims on social media are false. Notice the poster that says we are only delivering up to April 6 booking. People in line have booked in March, haven't gotten refills.
Apoorva Giri retweeted
Peter Girnus 🦅@gothburz·
I am a Vulnerability Analyst at the National Institute of Standards and Technology (NIST). There were 28,961 new CVEs published last year. I processed eleven per week. I need to explain what enrichment is because, without it, the rest of this does not matter. A CVE is a numeric identifier that catalogs a new software vulnerability. A CVE without enrichment is a number. CVE-2026-XXXXX. The number tells you a vulnerability exists. It does not tell you the severity. It does not tell you which products are affected. It does not tell you the attack vector. It doesn't indicate whether to patch on Tuesday or now. Every CISO in the country builds their patch-priority list using our enrichment data. We are the triage. Without us, the number is a fire alarm with no address. 28,961 alarms. I got to 572. Every morning I open the queue. The queue is a spreadsheet. It was a spreadsheet when I started, and it is a spreadsheet now. Monday's queue has between 70 and 130 new entries, depending on whether someone found a batch of WordPress plugins over the weekend. I scroll to the top. I pick two. Sometimes three, if one is straightforward. I assign them to myself. I open the enrichment template. I begin. The other 70 stay in the queue. Tuesday, they will be joined by 70 more. I will pick two. The page looks the same. I want to say that clearly. The NVD website, the one bookmarked on every security team's browser in every hospital and bank and water treatment plant and power utility in the country, loads the same way it loaded in 2023. Same interface. Same search. Same logo. There is no banner that says "this data is no longer current." There is no warning. There is no asterisk. The security team at a hospital in Ohio who checks NVD at 7 AM to decide which of their 340 unpatched systems to prioritize today is making life-and-death triage decisions using a database that stopped being maintained. They do not know it stopped being maintained. The page looks the same. 
We have not been defunded. I want to be precise about that. We have been "deprioritized." Our headcount has been "reallocated to other initiatives." Four analysts were moved to the AI Safety Measurement Initiative in January. AI safety measurement is the initiative that has funding. CVE enrichment is the initiative that protects the hospitals. The hospitals do not have an initiative. My manager told me in February that we are "transitioning to a community-driven enrichment model." Community-driven means that vendors whose products have vulnerabilities will self-report the severity of those vulnerabilities. I sat in that meeting. I wrote it down. Oracle will now assess the criticality of its vulnerabilities. Microsoft will now assess how urgent it is to patch Microsoft. The fox will now audit the henhouse and submit the findings in JSON. I still have my badge. I still have my login. I still open the spreadsheet. I still pick two. The queue has 9,247 unenriched CVEs as of this morning. Some of them are critical. I do not know which ones because they have not been enriched. That is what unenriched means. It means we do not know how dangerous they are because we stopped analyzing how dangerous they are. The page looks the same. The system that catalogs broken systems is itself broken. I catalog the brokenness. I have been cataloging it at a rate of two per day. At this rate, I will finish the current backlog in twelve years and seven months, not accounting for the 80 new entries that will arrive tomorrow, and the 80 after that, and the 80 after that. I am a Vulnerability Analyst at the National Institute of Standards and Technology. The page looks the same. The data doesn't. Nobody told the hospitals. That is my job. I am also not doing that.
Apoorva Giri retweeted
Dave Kennedy@HackingDave·
Alright, I've stayed away from the Mythos stuff for a little bit. Going to comment on that, but AI as a whole. First, this AI industry is absolutely insane. I feel like I'm back in the 90s/2000s with innovation, but it's not tempered or methodical - it's pure chaos. Every day there is some AI-dude-bro (or gal) clawing for followers claiming end of cybersecurity, end of software engineering, or this breakthrough changes everything. We're seeing the "streamer" effect of video games now exploding in every industry that hasn't been in whatever industry, but is now an AI-expert thus an expert in anything AI touches because they can prompt. Largely it's not, but what it is doing is requiring us to understand what AI will do to virtually every industry in the future. I'm sitting here right now at a conference I'm presenting at, and I spoke with an individual which was like man... I'm just trying to get through this SAP implementation at my company, I don't even know where to start with AI at the moment. We are still in the extreme early stages of what AI can do, and I think that's really the exciting part - we are at the infancy stages of this. Most enterprises can't handle AI, as most companies couldn't handle agile workflow when it came out either, it took time, but eventually adopted. I won't dive deep into the scalability of releasing AI to the masses based on compute, power, or subsidies because these are real hurdles we need to solve. As you can see with Claude's spike in popularity is causing them to have to dumb the model down upwards of 65% just to stay afloat (Claude is absolutely awful right now for coding - beware). Mythos is cool, really cool - but it's not earth shattering as claimed. The potential here we are seeing a glimpse of what can actually happen though. The ability to do extremely complex tasks, with insane context windows, and high-end reasoning.
But, what we saw from other current frontier models including open LLMs, they were able to find the same issues, but had to be specifically targeted towards those code sections because of context limitations and complex task reasoning which was drastically improved in Mythos. What does this mean? Basically. Nothing. It's a lot of marketing hype - but it does prove out that as these models become smarter, it will inevitably produce much better code, be able to work in mind blowing fashions that we haven't seen before - but it will all come down to cost. Right now Mythos is extremely expensive because of the compute needed, and we may solve that over time, but it's not there yet. The subsidies right now means AI is not ready. Scale is our biggest bottleneck right now and until that's solved, the industry will not move as fast as it could. What's particularly impressive is how the open models are starting to perform on par (or better) with the frontier models and become way more efficient without restrictions (turboquant) as an example. Our ability to use near parity models on our own hardware will only continue to get better which is a huge threat for these companies. I at first looked at Cursor's implementation of Kimi as they were falling behind because it wasn't "their own model". That wasn't accurate, it's that the open models are performing substantially better than from 6 months ago, and will soon be leading the charge or close to it. What does this mean for cybersecurity? The industry is changing rapidly, and I absolutely freaking love it. We needed a swift kick in the ass in this industry that was largely stagnant for the past 10-15 years. What used to be a handful of incredibly talented security researchers that knew systems internals, savants at reverse engineering and reading through millions of lines of ASM is now being afforded to the masses, but still has a long way to go.
The reason AI is so good at doing this stuff is because they paved the way, and will continue to do so in different ways. Not eliminated or removed, enhanced and better than ever. AI is single-handedly the largest theft of plagiarism that has ever happened in human history. I just got a 10K check from Claude for ripping off my Metasploit book to train its model to be smarter actually :P I am all for things that make the world a safer place. Our goal in cybersecurity is to fix the world, make it less harmful when using technology - we should be adopting this. Note that it's going to come with a ton of fluff, hype, doomsday predictions, people that are now AI experts or coding experts but have never written a line of code themselves. That's all to be expected if you have ever been to an RSA conference. AI will produce meaningful change in an industry that needed it. Cybersecurity is much more than bugs or defects, it's protecting against risk. AI is a new emerging risk, it's going to keep us insanely busy right now, and for the foreseeable future.
Apoorva Giri@cedricfanapoo·
@blinkitcares your print store not only failed to give my complete documents, I also received documents belonging to other people. Where is the so-called privacy? So-called care for the documents?
Apoorva Giri retweeted
ChristinMathewPhilip@ChristinMP_·
Bengaluru: Bal Bhavan Society, Cubbon Park, will organise Summer Camp 2026 for children aged 5-16 from April 10 to May 15 at Kasturba Road. Activities include painting, handicrafts, street drama, clay art, karate, yoga, dance, tabla and traditional games. The fee is Rs 1,000 including materials. Govt school students get 50% concession, while children with disabilities and underprivileged children get free entry with documents. Registration: 080-22864189.
Apoorva Giri@cedricfanapoo·
@IndiGo6E VNS to BLR flight canceled two days in a row!! Leaving the passengers scrambling to figure out how to return! Unhelpful support team and a very callous attitude!
Apoorva Giri retweeted
Backpacking Daku@outofofficedaku·
Are you aware that, should you arrive 15 to 30 minutes late for your #France #Schengen Visa appointment at VFS Global, the Embassy has issued strict directives to VFS to process the applications of such applicants at the conclusion of all scheduled appointment slots for the day, without promoting the Premium Lounge service or refusing to accept the documents? Got this information during a conversation with a senior official from the French Embassy. Stay cautious, stay alert.
Apoorva Giri retweeted
DRDO@DRDO_India·
Achieving a major milestone in critical defence technologies, Military Combat Parachute System (MCPS), indigenously developed by DRDO, has successfully undergone a combat freefall jump from an altitude of 32,000 feet. The parachute system was deployed at an altitude of 30,000 ft, making it the only system deployed at this altitude which is in use by Indian Armed Forces. The jump was executed by test jumpers Wg Cdr Vishal Lakhesh, VM (G), MWO R J Singh & MWO Vivek Tiwari, showcasing the efficiency, reliability, and advanced design of the indigenous system.
Apoorva Giri@cedricfanapoo·
@urbancompany_UC your support option is broken in the app. I opened a ticket at 5pm yesterday and it is now almost 11am the next day and I have not gotten a human to speak to!
Apoorva Giri retweeted
Revant Himatsingka “Food Pharmer”
6 food products misleading Indians! A request to all food companies to reduce false marketing and a request to all Indians to read labels before anything. Share!
Apoorva Giri retweeted
Sougat Chakraborty@sougat18·
Dumb Down version for Non-Def folks Imagine you have two magical toys that are super connected, even when they're far apart. If you change something on one toy, like making it spin, the other toy will instantly know and do the same thing, no matter how far away it is! This is called "quantum entanglement," and it's like a secret superpower in the tiny world of light particles called photons. Now, the smart people at DRDO (a group that helps protect our country) and IIT Delhi made a cool discovery! They used this magical connection to send secret messages using light through the air, without wires or the internet, over a distance of more than 1 kilometer (that's like walking from your school to a park really far away!). They did this on the IIT Delhi campus with a special light beam. Why is this awesome? Because these secret messages are super safe! If someone tries to peek at them, the magic connection breaks, and they can’t figure out the message. This could help soldiers, banks, or even future space missions talk to each other without anyone spying! It’s like having a secret clubhouse code that only you and your best friend can understand, even from super far away. Pretty cool, right?
DRDO@DRDO_India

A breakthrough has been achieved by demonstrating quantum entanglement based communication in an experimental setup through DRDO-Industry-Academia Centre of Excellence (DIA-CoE), IIT Delhi. The free-space quantum secure communication using quantum entanglement over a distance of more than one km was shown via a free-space optical link established on the IIT Delhi campus. pib.gov.in/PressReleasePa…

Lalita Reddi@LalitaReddi·
Anyone interested in a sneak peek of all the gotchas and challenges of opening a new manufacturing unit in India? Buying/renting land, constructing a shed, etc.?
Apoorva Giri retweeted
THE SKIN DOCTOR@theskindoctor13·
Imagine someone in the private earning ₹2 lakhs a month. Sounds like a good salary, right? That’s ₹24 lpa. He pays around ₹4 lakhs in ITR, plus indirect taxes on everything he buys. Add EMIs, rent, bills, and daily expenses, how much can he realistically save? Maybe ₹3–6 lakhs a year. To save ₹2 crores, he’d need to work for 20–30 years. Now consider this: ₹2 crores, that’s the bribe an IRS officer demanded from a business to settle just one case. One case. What could be a person’s lifetime savings is another man’s bribe from just one case! Imagine what he’ll accumulate over a lifetime if not caught. Multiply that by lakhs of govt employees, bureaucrats, politicians, judges. Not saying all are corrupt, but even if 20% are, the scale of money hoarded is unimaginable. And yet, somehow, India continues to move forward. How we’re progressing despite this deeply institutionalised corruption is nothing short of a miracle.
Sanitary Panels@sanitarypanels·
Seen like 10,000 butterflies fly past my balcony in Bangalore in the past few hours. They’re migrating before the monsoon starts. Nature is so gd amazing I’m 😭😭😭
Apoorva Giri@cedricfanapoo·
@popat_sagar And that too working for one of the companies that the rest of the world uses, I can imagine the scale indeed! Security is well planned and funded
sagar popat@popat_sagar·
It’s been 1.5 years at Microsoft Azure Security. I’ve learned so much about how security works at a huge scale and how we protect Azure services. After working in startups for many years, it’s amazing to see how security maturity can be in a big company.
Apoorva Giri retweeted
Megha Shyam Reddy 🚩@MSRv96·
This 7 year old video from 'The Print' explains about Kirana Hills and how important it is to Pakistan. Yesterday Indian Army has precisely targeted and attacked Kirana Hills and Sargodha Air base at Sargodha, Pakistan.