Jim Manico from Manicode Security

43.9K posts

Jim Manico from Manicode Security banner
Jim Manico from Manicode Security

Jim Manico from Manicode Security

@manicode

AI and AppSec Educator. Secure coding system prompts. https://t.co/gbW3ZLhURT

Kauai, HI and Cobb, CA Katılım Temmuz 2009
6.1K Takip Edilen17.2K Takipçiler
Sabitlenmiş Tweet
Jim Manico from Manicode Security
From my experience all software developers are now security engineers wether they know it, admit to it or do it. Your code is now the security of the org you work for. #GoldenAgeOfDefense
Wat Ket, Thailand 🇹🇭 English
35
245
595
0
Jim Manico from Manicode Security retweetledi
Katie Paxton-Fear
Katie Paxton-Fear@InsiderPhD·
so it turns out if you fine tune the model on snake_case examples you can bypass what little guardrails there are on 5.2 by the way (research my own)
Katie Paxton-Fear tweet media
Zack Korman@ZackKorman

@foilmanhacks It behaves virtually identically to opus lol. Even guardrails

English
4
6
35
4.7K
Jim Manico from Manicode Security retweetledi
@DoW_CIO
@DoW_CIO@DoW_CIO·
The DoW is immediately suspending CMMC Phase II requirements to clear bureaucratic roadblocks for the DIB. We must scale warfighter readiness, not paperwork. What you need to know: · Phase II & costly administrative burdens are paused. · Phase I self-assessments remain firmly in place. · NIST SP 800-171 Rev 2 and DFARS 252.204-7012 compliance are still required. · Focus is shifting to tangible cybersecurity and operational resilience, not red tape. To uplift cybersecurity while eliminating unnecessary bureaucracy, we’ve launched a 60-day review on the future of the program to be led by a CMMC Reform Task Force. We are also seeking industry perspectives from the DIB via our new RFI on driving scalable, realistic security measures and operational resilience without compliance burden. Watch the full remarks from @DoWCIODavies below. Read the press release: war.gov/News/Releases/… Learn More: dowcio.war.gov/brilliantbasic…
English
83
137
943
172.5K
Jim Manico from Manicode Security
Building high-quality software with AI is still a struggle. If you work for a regulated organization, you still need to carefully review PR’s, handle careful requirements and understand the business needs. Thinking that AI development is “easy” and does not require hard work and struggle is incorrect IMO.
English
0
3
4
279
Hiten Shah
Hiten Shah@hnshah·
Do people really want AI agents that run in Slack?
English
238
1
246
83.1K
Seb
Seb@plainionist·
Serious question: If junior developers skip the struggle because AI does the work, where will the next generation of seniors come from? 🤔
English
116
5
202
34.3K
Jim Manico from Manicode Security
A good friend sent me a picture of myself from 25 years ago to remind me what regular yoga did to me. Thanks for the inspiration! 🧘‍♀️
Jim Manico from Manicode Security tweet media
English
2
0
6
640
Jim Manico from Manicode Security
@ChrisO_wiki @IceSolst … I’m starting to feel that everyone is a bit autistic when under stress and not taking care of themselves. I know this is not 100% true but the more I study autism the more I see it everywhere.
English
0
0
1
50
ChrisO_wiki
ChrisO_wiki@ChrisO_wiki·
@IceSolst Another way of thinking of it is that far more people are basically autistic than is normally acknowledged...
English
4
1
87
6.1K
solst/ICE of Astarte
Blizzard employee once told me anti-botting in WoW was extremely challenging due to the number of real people that acted identically to bots. Every assumption was invalidated: - unbelievable # of consecutive hours played - consistently repetitive patterns of movement and clicks - farming patterns that aren’t considered fun (“why would anyone do that”) - solo, no external engagement - goes on for months The problem with botting is many humans ARE bots
Nikita Bier@nikitabier

When I first started at X, this is one of the things I did a deep dive on because I felt it was critical to the integrity of the experienced. I tasked our Threat Disruption team to investigate a number of trends that seemed artificial. The findings: We could not find meaningful examples of foreign interference in US policy discussions, except people gaming rev share in developing countries. This is what motivated the release of the Country of Origin feature and significant changes to the rev share algorithm. The most deranged & divisive replies generally were from residential IPs in the United States—with no signs of using a VPN. Ultimately, X is a reflection of the internet. And that means you will see the full spectrum of human thought. And sometimes the most outrageous takes will catch fire. Having said all of this, there can still be cases of narratives being boosted but the origin of the initial post is almost always domestic and we have hardened our systems in the last 3 months to prevent this.

English
353
1.5K
24.1K
2.3M
Jim Manico from Manicode Security retweetledi
OWASP Los Angeles
OWASP Los Angeles@owaspla·
#ClaudeCode, #Codex are changing software dev; speed != security. Join us Wed 7/22 to hear @manicode on 𝗦𝗲𝗰𝘂𝗿𝗲 #𝗔𝗜-𝗔𝘀𝘀𝗶𝘀𝘁𝗲𝗱 𝗗𝗲𝘃 w/ live demos: securely configuring AI coding tools, security-focused prompts... RSVP luma.com/owaspla #DevSecOps #GenAI
OWASP Los Angeles tweet media
English
0
4
7
1.6K
Gerald Beuchelt
Gerald Beuchelt@beuchelt·
@manicode Doubt it. Once complexity hits there are two ways out: replatform on standard software or create the EDS of 2026 and spin that out in 3-5 years. Targeted, well-designed niche development and limited transition will work. Everything else smells like AI snakeoil.
English
1
0
1
31
Jim Manico from Manicode Security
Apply this to the security industry. This is the future. 🤙
Luke Pierce@lukepierceops

Starbucks spends $400 million a year on software. Yesterday they announced they're moving off IBM and Microsoft to build their own custom systems in-house. IBM dropped 3% and Salesforce dropped 4% on the news. And honestly this is, unequivocally, the biggest signal I've seen since OpenAI and Anthropic launched their consulting arms back in Q1. The largest companies in the world are done paying for software that half fits how they work. We saw this coming about a year ago. Moved everything we build off Airtable and low-code tools and went fully custom. Already paying off, and it's only going to compound from here. This is the opportunity right now. You get all of a company's data into one system. You build out a single operating system for the entire business. You cut out bad, redundant processes. Then you layer AI on top of it, under the correct processes. That's the core of AI consulting. Helping companies actually operate better. There are a lot of fly-by-night offerings circulating right now when it comes to Ai Services. For example, 'second brains'. Throwing scattered data into a second brain while the processes underneath stay broken does nothing. The companies who will absolutely destroy their competition over the next 5 years are rebuilding how they work from the ground up. Starbucks is showing you what other companies will be doing over the next several years. Your job is to position yourself to facilitate that process for as many companies as you can.

English
3
2
22
5.2K
luna
luna@ImLunaHey·
what IDE is everyone using nowadays?
English
204
0
81
38.9K
Aaron Bregg
Aaron Bregg@Tychoash·
@manicode The thing about your posting this is that my wife and I were just talking about how I am going to move away from MS Office for Personal use since I found a ‘hidden’ AI service run when Outlook is open. Yet when checking and seating other programs/settings for ‘installed’ AI.
English
1
0
1
27
Jim Manico from Manicode Security
@Tychoash I’m watching sharp AI dev’s for big companies AI-code custom DevOps frameworks, build custom security scanners leveraging AI, and more. It’s happening. And it’s accelerating…
English
0
0
1
14