Ståle Pettersen

The internet has survived a period where a handful of late teens and early 20s kids were the only ones that knew about pre-malloc integer overflows as a bug class, and you could "grep malloc | grep \*" to find a bug in OpenSSH. This is why I am pretty chill about Mythos.

Do this in planning mode 1) hey Claude, please do a deep security code review of my repo using multiple agents. Save the results as a GitHub issue for tracking 2) hey Claude, please look at my code review results and triage to make sure there are no false positives This is my #personalMythos for over a year now 🤷‍♂️ it’s already here!

Lol 😂😂

People don't realize how absurd this view actually is. A camera. On a robot. On Mars. Built by humans on a planet 140 million miles away, launched on a rocket, landed using a sky crane, and now driving across an alien desert taking pictures so detailed you can count the rocks. 100 years ago, your great-grandparents thought airplanes were a miracle. You are scrolling past Mars on your phone.

A response to recent reporting in Germany, in service of clarity and accountability: First, it’s important to be precise when it comes to critical infrastructure like Signal. Signal was not “hacked” — in that our encryption, infrastructure, and the integrity of the app’s code was not compromised. However, sophisticated attackers have engaged in a harmful phishing campaign, posing as “Signal Support” by changing their profile display name and using social engineering to trick people into handing over their credentials — information that allowed these attackers to take over some targeted Signal accounts. This is something that plagues any mainstream messaging app once it reaches the scale of Signal, but we know how high the stakes are given the trust people place in us. In the coming weeks, you’ll see us rolling out a number of changes to help hinder these kinds of attacks. Because we don’t collect user data, what we know about these attacks comes from the victims of phishing. And from what victims have told us, the attacks followed a broad pattern: after tricking people into revealing their Signal credentials, attackers then used those credentials to take over their account and also frequently changed the associated phone number. Because such a change results in de-registering your Signal accounts, attackers prepared people for this by telling them that being de-registered was intended behavior, and that all they would need to do is “re-register,” or, create a new account. When they moved to create a new Signal account — one that was now decoupled from their hijacked account — the victims thought they were logging back in to their primary account. As a result, many didn't notice the takeover. The compromised accounts were then weaponized to target the victims' contact lists by posing as the owners of the account. We understand the trust that people put in Signal, and how devastating this kind of social engineering can be. While it’s true that all messaging platforms are susceptible to scammers and phishing that betrays people’s trust and convinces them to “unlock the front door” where no backdoor exists, we are looking to do everything we can to help people avoid and detect such scams. For the time being, please stay vigilant against phishing and account takeover attempts. Remember that no one from Signal Support will ever send you a message request or ask for your registration verification code or Signal PIN. For an added layer of protection, you can enable Registration Lock in your Signal Settings (Account -> Registration Lock).

Spot on! If it costs $100 000 in tokens, it has to be taken into account. It has always been a question about cost per finding, and it still is:)

meant to write such a post, but now wont have too, thanks @FiloSottile words.filippo.io/128-bits/

This is my "psychoanalysis by X" thread, yes, another one. Why am I so triggered by advice "patch this <broad class of vulns> immediately" given with no awareness of my business/mission? (1/5)

Learning to Jailbreak an iPhone with Claude (Part 1) Claude helped me take apart an iOS Safari exploit, and retune it for my Mac. It even wrote its own variant. Working with Claude on this felt like having a Nobel laureate who’s happy to spend the afternoon on undergrad problem sets. No implied “this is beneath me,” no rationing of attention to questions that are interesting enough. When an explanation wasn’t landing it would just go build the thing: spin up the debugger, write the measurement script, hand me the curve. The vulnerable WebKit wouldn’t even compile on my laptop at first, and it took Claude most of a night to figure out why. This is perhaps a glimpse of the future of education: anyone with a laptop and (of course) the tokens to pay for it gets the depth of attention a PhD advisor gives their best student. During this exploration, I kept wondering: why learn at all when Claude can do almost everything? The answer is simple: it’s still fun to understand how things actually work. But there’s also a more practical reason. You can’t ask Claude about things you don’t even know you’re missing. Learning shrinks those unknown unknowns, and that’s what lets you use Claude well in the first place. open.substack.com/pub/calif/p/le…

We just released code for Meta-Harness! github.com/stanford-iris-… Aside from replicating paper experiments, the repo is designed to help users implement good Meta-Harnesses in completely new domains! Just point your agent at ONBOARDING.md and have a conversation

Yes exploits alone won't bring us doom.But the same model that got really good at exploits is also going to be really good at infostealers and leveraging credential theft and leveraging initial access and laying down more sneaky persistence footholds and finding priv esc etc 1/

Calif is on such a roll. "Vulnerability research is cooked", I said last week; alternate possibility: vulnerability research is now the funnest thing in the world. Getting a highly situational nginx bug working w/ Claude: blog.calif.io/p/claude-human…

Highly recommended reading!

For most of 2025, I was skeptical that AI was already playing a major operational role in real intrusions. Most public examples seemed limited to phishing and supporting tasks. This report by my friend Eyal Eyal lines up with what I have been hearing elsewhere, too - in recent publications and in private conversations with people seeing this stuff up close. I think that phase is over. AI is moving into the operational core of attacks. With stronger models, open models, and jailbroken variants circulating, the economics have changed. Tailored tooling, exploit adaptation, and large-scale analysis get cheaper and faster. I expect AI to play a major role in future campaigns, and that means more variation, more fresh tooling, and less reliance by attackers on recycled code. All the more reason to focus on controls and detections that do not depend only on known samples. Worth reading.

having a model that's supposedly too dangerous to release to the public but it's okay to use for b2b sales and marketing is hilarious

I was fired from Anthropic today. I was the engineer responsible for shipping the latest dev/claude-code npm package. Wanting to improve the debugging experience for the team, I decided to include source maps in the release. This resulted in our entire internal codebase being publicly exposed including thousands of files with every agent command, all system prompts, the complete query engine, Undercover Mode, Bypass Permissions Mode, and our internal telemetry configuration. I take full responsibility. I genuinely believed the safeguards Claude Code had built for me would be adequate and it was a serious miscalculation on my part. My actions have unintentionally open-sourced major parts of Claude’s architecture well ahead of schedule. I apologize to the team and to Claude.

🤯BREAKING: AI Token vs humans. Which is cheaper? Companies are just not doing the math! Data from MIT and Gartner shows the real cost structure of AI implementations $0.01 model call → $0.40–$0.70 fully loaded. 19% slower. Developers *think* they're 20% faster. $270K/year hidden cost for a 10-person eng team. → Raw token price = tip of the iceberg → Agentic complexity compounds monthly bills 4x → Only 23% of AI-exposed wages are economic to automate → By 2030, AI customer service may cost MORE than offshore humans The gap between AI capability and labor displacement is real. It IS the adoption curve. The J-curve! ATMs took 40 years to displace tellers. Spreadsheets grew the accounting workforce. The pattern is consistent. Read my full breakdown 🧵priyankavergadia.substack.com/p/ai-is-cheape…

He said in this video that finding 0-days with Claude wasn’t possible 3–4 months ago but at @0dinai we were already doing it back in Feb/March 2025. We called the technique “OH LAWWWD.” We talked about it multiple times on podcasts and even demoed it live at @ekoparty last October. We asked the crowd to pick any target someone said Discord. We found 10 zero days in under 15 minutes. 1k retweets and I will release the monolithic prompt!

Excited to share QLCoder - an agentic framework for synthesizing static analysis queries for vulnerability detection ICLR 2026 poster session 1 on Thursday 4/23 Link to paper and code in thread below