Matias 🧉

@AnthropicAI published a way to read LLM’s inner thoughts last week (Natural Language Autoencoders). 2 days later, we spent 36h straight hours at @platan_ventures Hack Buenos Aires, were we built an open-source system that uses it to detect deception and steer models back into alignment. Here’s what we found:

Ya vieron el logo nuevo de @joyco_studio o les aviso por FAX?

Thanks to @cursor_ai cafe for inviting me to talk about agent orchestration It was a 20 minute talk and we ended up discussing about agents for about an hour, so much energy, interesting minds… and excellent coffee

Thanks to @cursor_ai cafe for inviting me to talk about agent orchestration It was a 20 minute talk and we ended up discussing about agents for about an hour, so much energy, interesting minds… and excellent coffee

🇦🇷 A threat actor is advertising the alleged sale of a massive database purportedly linked to Argentina’s Ministry of Health (“Ministerio de Salud de Argentina”), claiming the dataset contains information on virtually the entire Argentine population. According to the underground post, the actor claims: • approximately 52 million records (“lines”) • roughly 700 GB of total data • nationwide citizen coverage • segmented database access available upon request • direct sales conducted through Session messenger The post explicitly claims: • “all Argentinians are in this database” • full ministry-related database access • the ability to provide specific subsets of the data to buyers The screenshots shown in the listing appear to reference: • citizen profile photographs • identity-linked medical or administrative records • large-scale structured datasets • government-related health infrastructure If authentic, exposure of a dataset at this scale would represent an extremely serious national-level privacy and security incident involving: • sensitive personal information • healthcare-related data • citizen identity records • biometric/profile image exposure • administrative government datasets The scale being advertised is notable because large centralized healthcare or government datasets can potentially enable: • mass identity theft • healthcare fraud • nation-scale phishing campaigns • biometric correlation efforts • impersonation attacks • social engineering operations • intelligence collection • large-scale doxxing activities At this time: • the authenticity of the dataset has NOT been independently verified • the actual source of the records remains unknown • it is unclear whether the data originated from direct compromise, aggregation, prior leaks, insider access, or reposted archives • no official confirmation from Argentine authorities has been observed • the actor’s claims may be exaggerated for visibility and monetization purposes Threat actors frequently inflate: • record counts • exclusivity claims • access levels • operational impact • “entire country” narratives to increase underground market value and attract buyers. However, the healthcare sector and public-sector identity repositories remain among the highest-value targets in the underground economy due to: • long-term fraud utility • rich identity attributes • credential reset usefulness • correlation with tax and healthcare systems • high phishing effectiveness The reference to selling “specific databases” separately is operationally important because attackers increasingly: • fragment large datasets • resell subsets multiple times • bundle government and healthcare records • monetize targeted demographic groups independently • provide custom-filtered exports to buyers If legitimate, datasets of this type could potentially contain combinations of: • names • national identifiers • healthcare information • addresses • contact details • demographic records • profile photographs • administrative metadata Healthcare and government organizations should continuously monitor for: • unauthorized bulk exports • exposed APIs • weak identity federation controls • cloud storage misconfigurations • privileged insider abuse • exposed citizen registries • insecure image/document repositories • dark web redistribution activity If verified, response priorities would likely include: • national-level incident response coordination • citizen notification procedures • credential and identity protection measures • fraud monitoring initiatives • law enforcement coordination • infrastructure access auditing • API exposure reviews • underground monitoring for secondary resale activity DDW is continuing to monitor: • additional validation attempts • sample analysis activity #CyberSecurity #ThreatIntelligence #DarkWeb #DataBreach #Argentina #HealthcareSecurity #GovernmentSecurity #CyberCrime #DDW