Jim Manico from Manicode Security

43.7K posts

@manicode

AI and AppSec Educator. Secure coding system prompts. https://t.co/gbW3ZLhURT

Kauai, HI and Cobb, CA Joined July 2009
6.1K Following 17.2K Followers
Pinned Tweet
Jim Manico from Manicode Security
From my experience all software developers are now security engineers whether they know it, admit to it or do it. Your code is now the security of the org you work for. #GoldenAgeOfDefense
Wat Ket, Thailand 🇹🇭
Jim Manico from Manicode Security retweeted
Joseph Thacker @rez0__
okay i'm calling it officially. codex is cracked. if you're a bb hunter and you don't have a hackbot set up yet, i recommend codex with gpt5.5 over claude code.
Jim Manico from Manicode Security retweeted
xAI @xai
An early beta of Grok Build, an agentic CLI for coding, building apps, and automating workflows is now available for SuperGrok Heavy subscribers. Through this early beta, we will improve the model and product based on your feedback. Try it at x.ai/cli
Jim Manico from Manicode Security retweeted
Critical Thinking - Bug Bounty Podcast
- @Adobe just rolled out an AI Bonus Tier that pays more than their already well-paying Tiers 1 and 2 at every severity, with up to $15k for crits. Prompt injection, model abuse, data leakage and more are all explicitly listed, so plenty of room to go crazy on the new AI scope. blog.adobe.com/security/adobe…
Roy🇨🇦 @GrandpaRoy2
A kit available on the internet turns an ordinary paper airplane made from a sheet of A4 paper into a real mini-drone. I can’t help looking at this whimsical little thing and picturing how it could be scaled up and weaponized for use in Ukraine.
Jim Manico from Manicode Security retweeted
ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 🛡️
What if the American companies are walking a tightrope named token subsidies, and beneath them a net awaits their fall. And that net is Chinese cloud-based opensource models that are 1/100th the cost. Then they parse every request for data and ideas.
Jim Manico from Manicode Security retweeted
Gareth Heyes @garethheyes
GitHub made GitHub actions require approval before being run...I think that's a good move for obvious reasons
Jim Manico from Manicode Security retweeted
OWASP_AISVS @OWASP_AISVS
One of the features of the OWASP AISVS standard is a research wiki explaining all of our requirements in detail. @manicode keeps this updated after each major change. github.com/OWASP/AISVS/tr…
Theo - t3.gg @theo
Security things from the last few days:
- CopyFail (linux pwn'd)
- CopyFail 2/Dirty Frag
- 13 advisories in Next.js
- Over 70 CVEs addressed in MacOS 26.5
- ~50 CVEs addressed in iOS 26.5
- YellowKey (Windows Bitlocker pwn'd entirely)
- GreenPlasma (Windows privilege escalation)
- CVE-2026-21510 and CVE-2026-21513 confirmed to be used by Russia for Windows RCE
- CVE-2026-32202 separately confirmed to be used by Russia for sensitive document access
- Mini-Shai Hulud (over 300 JS and Python packages compromised via GitHub Action cache poisoning)
- Google confirms they have identified AI-powered exploitation of zero days in an unidentified "open-source, web-based system administration too"
- Canvas (popular LMS used in most schools) pwn'd entirely
- PAN-OS (palo alto networks) pwn'd with a 9.3 severity CVE-2026-0300
Are you scared yet?
Bearly AI @bearlyai
Someone made a small hardware device for the desk that monitors Claude token usage. Calls it Clawdmeter. Kinda genius.
Jim Manico from Manicode Security retweeted
vx-underground @vxunderground
Shai-Hulud, that spoopy Git worm thingy everyone's been yapping about, was open-sourced. Unfortunately, GitHub has removed the repo. This is terrible news. It can no longer be studied... unless there was someone who collected this sort of thing and has a local copy...
Jim Manico from Manicode Security
I'm delivering a free 60-min webinar on Fri May 29 @ 10 AM PT. I'll be doing a live demo on setting up a secure Claude Code setup with the Manicode Secure Coding Prompts, and Claude Code + Codex side by side. 100% live demo + open Q&A. Register: us06web.zoom.us/meeting/regist…