Eric Foster
@performify

2.3K posts
CEO @TENEXai - The AI SOC Company. The only AI-native MDR led by operators w/ founding engineers from hyperscalers + AI labs. Named #1 fastest-growing cyber co.

Tampa, FL. Joined June 2009
1.7K Following, 1.6K Followers
Pinned Tweet
Eric Foster
Eric Foster@performify·
For decades, defenders have been outgunned. And real people paid the price. We started @TENEXai to change that: elite human expertise fused with AI, purpose-built to fight cybercrime. We partnered with @freethinkmedia and @bigthink to tell that story. It's Time to Protect.
2
9
22
3.1K
Eric Foster retweeted
News from Google
News from Google@NewsFromGoogle·
The Google Threat Intelligence Group has detected the first known instance of a threat actor using an AI-developed zero-day exploit in the wild. While the attackers planned a wide-scale strike, our proactive counter-discovery may have prevented that from happening. This finding is part of our new report on AI-powered threats.
311
1.7K
13.9K
5M
Eric Foster retweeted
vx-underground
vx-underground@vxunderground·
TanStack was hit by a supply chain attack. MistralAI was hit by a supply chain attack. The Mayor of Arcadia, California, was a Chinese spy. Forza Horizon 6 leaked. Canvas bamboozled. Shai-Hulud open-sourced. Nightmare-Eclipse teases two new Windows 0days. It is Tuesday. What will happen on Wednesday? Find out on the next action packed episode of Dragon Ball Z
vx-underground tweet media
42
213
2.1K
59.7K
Eric Foster retweeted
Aikido Security
Aikido Security@AikidoSecurity·
🚨 Update: @mistralai npm packages are now confirmed compromised as part of the ongoing Mini Shai Hulud attack. Affected versions:
• @mistralai/mistralai 2.2.2, 2.2.3, 2.2.4
• @mistralai/mistralai-azure 1.7.1, 1.7.2, 1.7.3
• @mistralai/mistralai-gcp 1.7.1, 1.7.2, 1.7.3
If you use the Mistral SDK in any CI pipeline, treat your environment as compromised. Rotate npm tokens, GitHub PATs, and cloud credentials immediately.
Aikido Security@AikidoSecurity

🚨 Update: Mini Shai-Hulud supply chain attack is back and hit the TanStack npm ecosystem today. At least 84 packages were compromised in two waves starting at 19:20 UTC. @tanstack/react-router, @tanstack/history, @tanstack/router-core, and dozens more across tens of millions of weekly downloads. This is likely from the same TeamPCP campaign behind the SAP npm compromise two weeks ago. If you ran npm install on any @ tanstack package today, treat your environment as compromised. Rotate GitHub tokens, npm tokens, cloud credentials, and CI secrets immediately. Tanner Linsley confirmed affected versions have been unpublished.

21
127
774
833K
Eric Foster retweeted
JT
JT@jiratickets·
me after 5 mimosas at mother’s day brunch yesterday explaining how I use claude at work to my grandma
21
270
6.2K
421.6K
Eric Foster retweeted
Brett Hawkins
Brett Hawkins@h4wkst3r·
We’re expanding the offensive security team at @ArmadinSecurity. Hiring Offensive Security Operators across multiple levels with backgrounds in:
• Penetration testing
• Red teaming
• Cloud security
• Exploit development
• Offensive tooling
• AI/ML security
If you enjoy breaking modern infrastructure and identifying real attack paths across enterprise and AI environments, I’d love to connect. Remote role. Multiple levels available. DM me if interested or apply here: armadin.com/careers
13
25
172
18.8K
Eric Foster retweeted
Matt Johansen
Matt Johansen@mattjay·
If your team touches npm or PyPi - literally number 1 priority should be figuring out your playbook of defenses and response to these supply chain attacks. The threat actors aren't slowing down and they're SCREAMING their MO from the rooftops. Lock it down.
Feross@feross

🚨 Active supply chain attack hitting SAP’s CAP ecosystem on npm. Four packages tied to SAP’s Cloud Application Programming Model just shipped versions with a new preinstall script that downloads and executes a platform-specific binary. These packages never required this before today. Affected versions:
• mbt@1.2.48
• @cap-js/db-service@2.10.1
• @cap-js/postgres@2.2.2
• @cap-js/sqlite@2.2.2
Combined, these packages see 570K+ weekly downloads. @cap-js/db-service and @cap-js/sqlite alone account for ~510K of that. If you’re building on SAP BTP or using MTA deployment pipelines, check your lockfiles now. The compromised versions added a preinstall script that acts as a bootstrapper: it downloads a Bun ZIP from GitHub Releases, extracts it, and immediately executes the binary. It follows HTTP redirects without validating the destination. On Windows, it invokes PowerShell with -ExecutionPolicy Bypass. All four versions were published within a ~2.5 hour window this morning (April 29, UTC). At least one version (@cap-js/sqlite@2.2.2) has already been unpublished. Socket flagged the malicious behavior and is continuing to investigate. If you’re affected:
• Do not install the affected versions
• Pin to previous known-good versions
• Rotate any credentials or tokens exposed in build/dev environments
• Review CI/CD logs for unexpected network calls or binary execution
Developing story…

14
22
174
43.3K
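The two checks the posts above ask for, namely matching a lockfile against the published compromised versions and spotting a package that newly gained an install script, as an added example that is not code from any of the quoted accounts or from Socket or Aikido. It audits an npm package-lock.json (lockfile v2/v3, whose "packages" entries carry a "hasInstallScript" flag for packages that run install hooks) in Python. The version list is taken from the Aikido and Feross posts; the two lockfiles embedded below are constructed samples, and the esbuild and lodash entries in them are illustrative only.

```python
"""Audit an npm package-lock.json for two supply-chain signals:
1. a dependency pinned to a version that was publicly reported as compromised;
2. a dependency that runs an install script now but did not in a known-good lockfile
   (the SAP CAP packages in the post above "never required this before today").
Constructed example; the compromised-version table comes from the posts on this page."""
import json
import sys
from typing import Dict, Iterator, List, Set, Tuple

# Versions named as compromised in the Aikido and Feross posts above.
KNOWN_BAD: Dict[str, Set[str]] = {
    "mbt": {"1.2.48"},
    "@cap-js/db-service": {"2.10.1"},
    "@cap-js/postgres": {"2.2.2"},
    "@cap-js/sqlite": {"2.2.2"},
    "@mistralai/mistralai": {"2.2.2", "2.2.3", "2.2.4"},
    "@mistralai/mistralai-azure": {"1.7.1", "1.7.2", "1.7.3"},
    "@mistralai/mistralai-gcp": {"1.7.1", "1.7.2", "1.7.3"},
}


def iter_packages(lock: dict) -> Iterator[Tuple[str, str, dict]]:
    """Yield (name, version, entry) for every installed package in a v2/v3 lockfile.
    Keys look like 'node_modules/@scope/name' or, when nested,
    'node_modules/a/node_modules/b'; the name is whatever follows the last 'node_modules/'."""
    for path, entry in lock.get("packages", {}).items():
        if not path:  # the "" key is the root project itself
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        yield name, entry.get("version", ""), entry


def find_known_bad(lock: dict) -> List[Tuple[str, str]]:
    """Installed (name, version) pairs that appear in KNOWN_BAD."""
    hits = {(n, v) for n, v, _ in iter_packages(lock) if v in KNOWN_BAD.get(n, set())}
    return sorted(hits)


def install_script_packages(lock: dict) -> Set[str]:
    """Names of packages npm will run lifecycle scripts for during install."""
    return {n for n, _, e in iter_packages(lock) if e.get("hasInstallScript")}


def new_install_scripts(baseline: dict, current: dict) -> Set[str]:
    """Packages that gained an install script relative to a known-good lockfile.
    Compared by name, so a version bump that quietly adds a preinstall hook is caught."""
    return install_script_packages(current) - install_script_packages(baseline)


# Constructed sample lockfiles (not real project data).
BASELINE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/@cap-js/sqlite": {"version": "2.2.1"},
        "node_modules/esbuild": {"version": "0.21.0", "hasInstallScript": True},
        "node_modules/lodash": {"version": "4.17.21"},
    },
}
CURRENT_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/@cap-js/sqlite": {"version": "2.2.2", "hasInstallScript": True},
        "node_modules/@mistralai/mistralai": {"version": "2.2.3"},
        "node_modules/esbuild": {"version": "0.21.0", "hasInstallScript": True},
        "node_modules/lodash": {"version": "4.17.21"},
    },
}


def report(baseline: dict, current: dict) -> Dict[str, object]:
    return {
        "known_bad": find_known_bad(current),
        "new_install_scripts": sorted(new_install_scripts(baseline, current)),
    }


if __name__ == "__main__":
    # Usage: python audit_lock.py known-good-package-lock.json package-lock.json
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f1, open(sys.argv[2]) as f2:
            base, cur = json.load(f1), json.load(f2)
    else:
        base, cur = BASELINE_LOCK, CURRENT_LOCK
    print(json.dumps(report(base, cur), indent=2))
```

The install-script diff is the more general of the two checks: a version table is only as fresh as the last advisory, whereas a dependency that suddenly needs to run code at install time is exactly the signal Socket used here, and the baseline lockfile from your last clean build gives you the comparison point.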
Feross
Feross@feross·
Excited to share that @SocketSecurity just acquired @SecureAnnex, the extension security company built by @Tuckner. John is joining Socket. John built Secure Annex as a solo founder into a product that security teams at @Reddit, @Brave, @Torq_io, and @MovableInk depend on. His research on compromised browser extensions has been some of the sharpest work in the space. We're lucky to have him. This is our second acquisition in 12 months, after Coana (reachability analysis) last year. Why now? The software supply chain isn't just package managers anymore. In the past week alone, Socket published findings on compromises hitting npm packages, Docker images, VS Code releases, GitHub Actions, and Open VSX sleeper extensions. Attackers are moving across packages, extensions, containers, CI/CD, and AI tooling in rapid succession. The boundaries between these ecosystems are collapsing. Socket is moving protection closer to the point of install, wherever software enters an organization. Socket Firewall already blocks malicious packages before they reach a developer's environment. We're extending that same model to browser extensions, code editor extensions, MCP servers, and AI tools. To Secure Annex customers: pricing stays the same, features keep working, no gap in coverage. We'll keep you updated as we integrate.
Feross tweet media
12
12
110
487.1K
Eric Foster retweeted
Awni Hannun
Awni Hannun@awnihannun·
Adopting Claude speak in my regular life, episode 1: Partner: Did you do the dishes tonight? Me: Yes they're done. Partner: Why are they still dirty? Me: You're right to push back. I didn't actually do them.
397
3.8K
55.9K
1.8M
Eric Foster retweeted
vx-underground
vx-underground@vxunderground·
vx-underground tweet media
47
540
4.4K
88.7K
Eric Foster retweeted
We Hack Health
We Hack Health@wehackhealth·
The cyber industry is always locked in, full gas, at the desk, head buried in the screen. It’s high stress, late nights and chaotic travel. 🖥️ ⚡️ 🌙 Health is an afterthought at best. That’s what we want to change…
2
2
8
450
Eric Foster retweeted
Palantir
Palantir@PalantirTech·
Because we get asked a lot. The Technological Republic, in brief.
1. Silicon Valley owes a moral debt to the country that made its rise possible. The engineering elite of Silicon Valley has an affirmative obligation to participate in the defense of the nation.
2. We must rebel against the tyranny of the apps. Is the iPhone our greatest creative if not crowning achievement as a civilization? The object has changed our lives, but it may also now be limiting and constraining our sense of the possible.
3. Free email is not enough. The decadence of a culture or civilization, and indeed its ruling class, will be forgiven only if that culture is capable of delivering economic growth and security for the public.
4. The limits of soft power, of soaring rhetoric alone, have been exposed. The ability of free and democratic societies to prevail requires something more than moral appeal. It requires hard power, and hard power in this century will be built on software.
5. The question is not whether A.I. weapons will be built; it is who will build them and for what purpose. Our adversaries will not pause to indulge in theatrical debates about the merits of developing technologies with critical military and national security applications. They will proceed.
6. National service should be a universal duty. We should, as a society, seriously consider moving away from an all-volunteer force and only fight the next war if everyone shares in the risk and the cost.
7. If a U.S. Marine asks for a better rifle, we should build it; and the same goes for software. We should as a country be capable of continuing a debate about the appropriateness of military action abroad while remaining unflinching in our commitment to those we have asked to step into harm’s way.
8. Public servants need not be our priests. Any business that compensated its employees in the way that the federal government compensates public servants would struggle to survive.
9. We should show far more grace towards those who have subjected themselves to public life. The eradication of any space for forgiveness—a jettisoning of any tolerance for the complexities and contradictions of the human psyche—may leave us with a cast of characters at the helm we will grow to regret.
10. The psychologization of modern politics is leading us astray. Those who look to the political arena to nourish their soul and sense of self, who rely too heavily on their internal life finding expression in people they may never meet, will be left disappointed.
11. Our society has grown too eager to hasten, and is often gleeful at, the demise of its enemies. The vanquishing of an opponent is a moment to pause, not rejoice.
12. The atomic age is ending. One age of deterrence, the atomic age, is ending, and a new era of deterrence built on A.I. is set to begin.
13. No other country in the history of the world has advanced progressive values more than this one. The United States is far from perfect. But it is easy to forget how much more opportunity exists in this country for those who are not hereditary elites than in any other nation on the planet.
14. American power has made possible an extraordinarily long peace. Too many have forgotten or perhaps take for granted that nearly a century of some version of peace has prevailed in the world without a great power military conflict. At least three generations — billions of people and their children and now grandchildren — have never known a world war.
15. The postwar neutering of Germany and Japan must be undone. The defanging of Germany was an overcorrection for which Europe is now paying a heavy price. A similar and highly theatrical commitment to Japanese pacifism will, if maintained, also threaten to shift the balance of power in Asia.
16. We should applaud those who attempt to build where the market has failed to act. The culture almost snickers at Musk’s interest in grand narrative, as if billionaires ought to simply stay in their lane of enriching themselves . . . . Any curiosity or genuine interest in the value of what he has created is essentially dismissed, or perhaps lurks from beneath a thinly veiled scorn.
17. Silicon Valley must play a role in addressing violent crime. Many politicians across the United States have essentially shrugged when it comes to violent crime, abandoning any serious efforts to address the problem or take on any risk with their constituencies or donors in coming up with solutions and experiments in what should be a desperate bid to save lives.
18. The ruthless exposure of the private lives of public figures drives far too much talent away from government service. The public arena—and the shallow and petty assaults against those who dare to do something other than enrich themselves—has become so unforgiving that the republic is left with a significant roster of ineffectual, empty vessels whose ambition one would forgive if there were any genuine belief structure lurking within.
19. The caution in public life that we unwittingly encourage is corrosive. Those who say nothing wrong often say nothing much at all.
20. The pervasive intolerance of religious belief in certain circles must be resisted. The elite’s intolerance of religious belief is perhaps one of the most telling signs that its political project constitutes a less open intellectual movement than many within it would claim.
21. Some cultures have produced vital advances; others remain dysfunctional and regressive. All cultures are now equal. Criticism and value judgments are forbidden. Yet this new dogma glosses over the fact that certain cultures and indeed subcultures . . . have produced wonders. Others have proven middling, and worse, regressive and harmful.
22. We must resist the shallow temptation of a vacant and hollow pluralism. We, in America and more broadly the West, have for the past half century resisted defining national cultures in the name of inclusivity. But inclusion into what?
Excerpts from the #1 New York Times Bestseller The Technological Republic: Hard Power, Soft Belief, and the Future of the West, by Alexander C. Karp & Nicholas W. Zamiska techrepublicbook.com
8.7K
7.2K
34K
35.8M
Traceix
Traceix@usetraceix·
Hi @Ferrari, Can I have a free Ferrari now?
Traceix tweet media
103
285
27.5K
2.2M