Andrey Labunets

474 posts

@isciurus

i.i.d. security researcher, vector space reverse engineering: artificial intelligence and artificial counterintelligence in R^d

San Diego · Joined April 2011
510 Following · 1.4K Followers
Andrey Labunets retweeted
Meredith Whittaker@mer__edith·
📣 NEW w/#UdbhavTiwari Mapping the technical reality & privacy/security perils of pushing AI agents into our infra We offer palliatives, but the core issues are paradigmatic: 'agency' relies on pervasive data access + ability to act w/o explicit consent. youtube.com/watch?v=0ANECp…
Andrey Labunets@isciurus·
Happy New Year 2026, everyone! Scrobbling my 365-stats for 2025 below: camera-ready papers landed in journals: 2 new research projects delivered / papers produced: 2 papers read: ~250 papers guided / consulted on: 3 classes taken: 1 grants/fellowship proposals produced: 5 grants/fellowships received: 3 deadlines missed: nevermind.. media coverage/interviews: 2 vulnerabilities reported: 3 job interviews: 5 job offers received: 1 travel documents approved: 3 talks given: 8 ship given (up): none strings pulled: 6 keys pressed: 88 weighted gym visits: 112 thoughts thought: 🤔 new music improvisations produced: only 2 artists listened to: 1432 Research, if done properly, means pushing the limits at the frontier of what’s possible. Although it is never sports and only a few things can be quantified, whatever is measured can hopefully be tracked or increased! Many more vitals reports left to scrobble..😴
Andrey Labunets@isciurus·
Reflecting more on the idea of uncommon interlinks and connectivity.. There is a staggering amount of drift from useful values in the global software market competition, but very few have been able to steer the game to a better one so far. The Signal team with meaningful codebases and scientific achievements have been well positioned to. And it is also still well positioned to receive a Merry Christmas from one of its users, myself! Even before and beyond Signal, a lot has been happening on the foundations of (cypher)punk culture and independent work - muchly thanks too where it is overdue. Competition, selection as an algorithm, or a broader idea of a social brain as a useful computation may start somewhere and grow somewhere. Q: should social brain function in a fast, single-round System 1 mode or in a higher-level, more abstract and algorithmic System 2 reasoning mode? 📚 en.wikipedia.org/wiki/Thinking,…
Moxie Marlinspike@moxie

When I was in high school, a friend gave me a copy of "On The Road." It was a big part of what inspired me to wander into a freight train yard and climb on a 48 for the first time, or to stand by an on-ramp and stick my thumb out for a string of rides across the country a few years later. I remember reading it and wanting my life to feel as full, to have friendships as meaningful, to know so much more about what was "out there." On those trips I was always wide-eyed, writing poetry, talking to everybody, leaning forward into the road ahead. I'm in a re-reading phase, and I tried re-reading "On The Road" for the first time since I was a teenager. I actually couldn't finish it. Far from being inspiring, all I could think was that I'm glad that isn't my life. It seemed almost the inverse of everything that inspired me as a teenager: shallow relationships, absent of meaning, a small and almost unadventurous existence. This has been the same for almost everything I've re-read. It has made me realize that if I re-read something and am not disappointed, it probably means I've been doing something wrong.

Damek@damekdavis·
The critique was clearly written by claude who is obsessed with 'mechanistic understanding,' mentioning it twice in nonsensical ways.
Damek@damekdavis·
Today an 'AI peer review' company sent me an unsolicited review of my paper and i can't think of a better definition of hell 🫠🫠🫠🫠🫠🫠🫠🫠
Andrey Labunets@isciurus·
One of the endless problems around journalism and its interpretation is a conflict between reporting of the outliers invalidating the assumptions and the selection bias where outliers-only reporting mischaracterizes the base rate. Why can't future newspapers use Bayesian statistics explicitly, gently reporting to a citizen: "The base rate of calamities was around x%. We know Y happened today! Now we believe the calamities are systemic, but only with z% probability. Got tips? Submit your deltas to our Signal: +..." How many debates would have been solved at the start, millions in cost savings on broadcasting, measurable CO2 reduction across the board.. (<--speculation).
Andrey Labunets@isciurus·
@billmarczak Right, especially if a trigger/payload were sent via an end-to-end-encrypted channel, forensics would nearly hit the 'universe's limits'
Bill Marczak@billmarczak·
@isciurus If we're talking in-the-wild chains, all you really have to do to win as a defender is "fix enough to break the chain". It's generally pretty hard to obtain/understand every vuln that a chain exploits, so you might try to get as much as you can, and address that however you can.
Bill Marczak@billmarczak·
Remember the DNG exploit/LANDFALL samples that Unit42 found on VirusTotal? Google Project Zero also found them, and is out with a technical analysis of the DNG exploit. It turns out it's *unclear* whether these were actually part of a *zero-click* exploit googleprojectzero.blogspot.com/2025/12/a-look…
Andrey Labunets@isciurus·
Interesting. The dates of upload still match a possible debugging / independent analysis stage ("Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal."). Hmm.. could a Paragon zero-click RCE be fully addressed server side if it's a client-side PDF parsing issue? Back in winter I thought there could still be a missing client-side 0day left undisclosed - especially given WhatsApp showed no evidence they understand all steps of the attack. But possibly I'm connecting unrelated events.
Bill Marczak@billmarczak·
@isciurus Well this one isn't in-the-wild, as far as I can tell. Google seems to have found it by reversing WhatsApp. Group issues could plausibly be mitigated server side, since (afaik) WhatsApp group-membership-change operations aren't end-to-end encrypted (contrast w/ iMessage, Signal)
Andrey Labunets@isciurus·
@billmarczak, this WhatsApp's response playbook item reminds me of the January finding which is also for Android: bleepingcomputer.com/news/security/… : 'The company addressed the attack vector late last year "without the need for a client-side fix"'. Is this new client-side vulnerability related to that past January attack or are those completely different? Or do we even know?
Bill Marczak@billmarczak·
WhatsApp has not fully fixed the bug in the WhatsApp client yet, but have (apparently) partially mitigated it with a server-side fix. Google disclosed it publicly according to their transparency policy because their fix deadline elapsed.
Andrey Labunets@isciurus·
Great! Quick headline search suggests that the 'analytic tradecraft' is a proto scientific method. Institutionalizing science and scientific method in intelligence for more objectivity could be a new milestone (..well, why not?)
CIA@CIA

On this day in 1999, CIA's Sherman Kent School for Intelligence Analysis was created to facilitate a culture of lifelong learning and excellence in analytic tradecraft and leadership. Learn more: cia.gov/stories/story/…
