Ivan at Wallarm / API security solution

Tired of scrolling the whole ATT&CK matrix mid-engagement? We use the BEAR Security Model instead: B – Break in E – Expand foothold A – Ascend privileges R – Rule the environment Same kill chain logic, zero clutter. Perfect for live pentests, reports, and exec briefs.

Design Conductor: an AI agent that can build a RISC-V CPU core from design specs. The agent is given access to a RISC-V ISA simulator and manuals... to enable an end-to-end verification-driven generation. The most important thing for design intelligence is a verifier 😎

Thank you Jensen and NVIDIA! She’s a real beauty! I was told I’d be getting a secret gift, with a hint that it requires 20 amps. (So I knew it had to be good). She’ll make for a beautiful, spacious home for my Dobby the House Elf claw, among lots of other tinkering, thank you!!

🦞 Make claw agents safer with our new NVIDIA OpenShell – an open source runtime to build with autonomous evolving agents. 🐚 OpenShell sits between your agent and your infrastructure to govern how the agent executes, what the agent can see and do, and where inference goes. 🔐 Gives you fine-grained control over your privacy and security while letting you benefit from the agents’ productivity. Run one command—and make zero code changes. Then any claw or coding agent like OpenClaw, Anthropic’s Claude Code, or OpenAI’s Codex can run unmodified inside OpenShell. Every SaaS company just became an agent company. The missing piece was never the agents — it was the infrastructure that makes them safe enough to deploy. That's OpenShell. Technical blog to learn more ➡️ nvda.ws/4brnAPW

Just found a simple Cloudflare WAF bypass 👀 <img src=x onerror=alert()> → blocked by Cloudflare <Img Src=OnXSS OnError=alert(document.domain)> → bypasses the WAF and triggers the alert. #BugBounty #BugBountyTips #WAFBypass

A little bit about the weather in Austin. Deviation for depression

NVIDIA to get into agentic bots battle nemoclaw.bot

Andrej Karpathy just published a GitHub repo that hints at self-evolving software. It’s called autoresearch. And the idea feels like evolution applied to research. Instead of humans manually running experiments, an AI runs a continuous loop: mutation → AI edits the code selection → run experiment fitness → measure performance survival → keep improvements repeat Each experiment becomes a generation. Bad mutations disappear. Good ones survive. The system slowly evolves better models. The crazy part — the repo is almost empty: prepare.py train.py program.md You don’t write the research code anymore. You write the goal. Inside program.md you describe what the system should optimize: reduce validation loss try architecture tweaks test new hyperparameters keep improvements Then the agent runs experiments automatically. While you sleep. Nature needed millions of years to evolve complex systems. AI can run thousands of generations overnight. One researcher. Thousands of experiments. Continuous evolution. Code: github.com/karpathy/autor…

If you’re into AI and agents and such, I released something I think is currently sorely missing - institutional memory that your agents can access you might find this useful github.com/l33tdawg/sage/

Today we are introducing a Python SDK for Mac's on-device LLM! github.com/apple/python-a… apple.github.io/python-apple-f…

Over the CNY holidays, I decided to build something that imho is 'peak agentic AI' 🤣 - the world's first self-evolving CTF platform! AI agents design, validate, calibrate, and evolve security challenges autonomously. levelupctf.com Here's the full story 🧵

PAN-OS flaw CVE-2026-0229 allows unauthenticated attackers to trigger reboot loops & maintenance mode via malicious packets. Patch immediately. #PaloAltoNetworks #PANOS #CyberSecurity #CVE20260229 #NetworkSecurity #InfoSec #Firewall securityonline.info/crash-loop-pal…

Vulnerability Summary: Endpoint: GET /rest/v1/contacts Severity: CRITICAL (9.8 CVSS) Weakness: CWE-284 - Improper Access Control Impact: ANY authenticated user can view ALL contact form submissions #BugBounty #PII

I just woke up Claude Code Agent Swarm on local Qwen3 Coder Next. No cloud. No Internet. No quota anxiety. No 'You've hit your limit, resets 10 pm' One GB10 GPU - 100 tokens/sec generation - 17,871 tokens/sec read top speed - 256k context window - Swarm tool calling just works

👼GatewayToHeaven (CVE-2025-13292). I discovered a cross-tenant vulnerability in @GoogleCloud's #Apigee, allowing me to access other organizations' data (and sometimes even plaintext JWTs of end users). Below is the full breakdown of the exploit chain⛓️

Left: Huawei Atlas DUO, 96GB VRAM <$2.000 Right: Nvidia RTX 6000, 96GB VRAM >$10.000 This is starting to get interesting.

Microsoft killed the GPU mafia 🤯 They finally open-sourced their 1-bit LLM inference framework called bitnet.cpp. It lets you run 100B parameter models on your local CPU without GPUs. - 6.17x faster inference - 82.2% less energy on CPUs 100% Open Source.