Pluto Security

45 posts

Pluto Security banner
Pluto Security

Pluto Security

@pluto_security

Everyone is a builder now. Security needs visibility and control - without slowing innovation.

Katılım Aralık 2025
1.9K Takip Edilen2.3K Takipçiler
Pluto Security
Pluto Security@pluto_security·
The AI ecosystem is the wild west 🐎 You connect a new MCP, skill, or agent... and find out it's sketchy after the damage is done. We built Market Space - discover & install AI tools that are secure by default 🪐 plutonium.pluto.security
English
0
3
30
897
Pluto Security retweetledi
Yotam Perkal
Yotam Perkal@pyotam2·
A few things the #Miasma source code reveals about this supply chain attack that weren't in the existing research 🧵
Yotam Perkal tweet media
English
3
3
19
2K
Samyak Jain
Samyak Jain@silver_samyak97·
@pluto_security This is the uncomfortable AI infra lesson: a config flag is not a boundary. If model loading can execute surprising behavior, teams need boring controls: provenance, sandboxing, pinned versions, egress limits, and logs when the loader touches network/filesystem.
English
1
0
1
28
Pluto Security
Pluto Security@pluto_security·
The security assumption every AI team gets wrong: "As long as trust_remote_code=False is set, we are safe." ❌ We put that to the test. What we uncovered is a critical RCE vulnerability in @huggingface Transformers (CVE-2026-4372) that completely bypasses this control. A thread on how a routine model load turns into complete environment compromise 👇 1/3 🔍 The Exploit & ScaleBy abusing model configuration fields, an attacker can embed a malicious payload inside a configuration file. It executes arbitrary code even with remote code disabled. The affected versions were downloaded over 232M times while live. 2/3 🚨 The RiskSuccessful exploitation means full environment compromise—exposing cloud credentials, API keys, source code, and proprietary datasets. Impacts Transformers versions 4.56.0 through 5.2.x. 3/3 🛡️ Remediation• Upgrade to version 5.3.0 immediately. • Audit previously downloaded model configurations. • Move beyond checkbox security—static ecosystem flags aren't enough. Kudos to the Hugging Face team for the quick patch collaboration. 👇 Full technical breakdown link in the replies!
Pluto Security tweet media
English
2
1
33
1.4K
Pluto Security
Pluto Security@pluto_security·
Last time, we published ClaudeSec - our security-first hub for the Claude ecosystem. Now, CopilotSec is officially LIVE. A new community knowledge hub for security of the Microsoft AI ecosystem, powered by Pluto. Ever wanted a single place to understand what Microsoft AI connectors actually do? Wondered which ones are high-risk? Trying to figure out how to securely deploy Copilot Studio, agents, MCP servers, or AI workflows in production? That’s exactly why we built CopilotSec. Inside you’ll find: 1,718 Microsoft ecosystem connectors mapped by capability and riskSecurity guides for Copilot Studio and Microsoft AI deploymentsCurated security updates and findings that actually matter to security teams Built for practitioners. Open to everyone. Give it a try and let us know what you think! Link in the first comment 👇
English
2
0
17
872
Pluto Security retweetledi
Tech with Mak
Tech with Mak@techNmak·
Someone finally built a security database for the Claude ecosystem. It's called ClaudeSec, and Pluto Security just launched it for free. Here's the gap it fills => 53 new Claude connectors shipped in the last 30 days. Your security team reviewed zero of them. Someone on your team authorized at least one. Most enterprises adopting Claude have no process to evaluate connectors before authorization. ClaudeSec tracks 384 connectors. 103 flagged high risk. That's around 27% of the ecosystem. Every entry shows: → What capabilities the connector actually has → What tools it exposes to the model → Why it's rated risky → Source-code findings where they did the review Security guides are live for Claude Managed Agents and Cowork. Real configuration - policies, hooks, permission scopes, allow/deny rules. The Cowork guide is the one Enterprise teams need to read first. Cowork runs code, browses with real user sessions, and operates unattended. The architecture is solid, gVisor sandbox, layered network controls. But Cowork activity is excluded from Audit Logs, the Compliance API, and Data Exports. All plan tiers. Including Enterprise. Your visibility tools don't see what Cowork is doing. Claude Code and Office Agents guides ship next. The curated news feed flags CVEs and incidents as they happen. The window between a connector being compromised and detection is roughly 3 hours. The feed is built around that window. Read here: ClaudeSec: claudesec.pluto.security Launch blog: pluto.security/blog/introduci… Cowork teardown: pluto.security/blog/claude-co… Thanks to @pluto_security for supporting this post.
Tech with Mak tweet media
English
3
14
36
2.4K
Pluto Security
Pluto Security@pluto_security·
@eugeneychan Exactly. Deployed means running. Governed means you actually know what it's doing!
English
0
0
0
19
Pluto Security
Pluto Security@pluto_security·
The average enterprise now runs 37 deployed AI agents. More than half have zero security oversight or logging. You can't govern what you can't see.
English
2
0
2
315
Pluto Security
Pluto Security@pluto_security·
@sama @VampireGurlAI Big move. Most enterprises are still figuring out how to govern the AI they already have. Now they need to secure what's securing them too.
English
1
0
3
363
Sam Altman
Sam Altman@sama·
OpenAI is launching Daybreak, our effort to accelerate cyber defense and continuously secure software. AI is already good and about to get super good at cybersecurity; we'd like to start working with as many companies as possible now to help them continuously secure themselves.
English
733
308
5.5K
441.2K
Pluto Security
Pluto Security@pluto_security·
@AnthropicAI Opening up bug bounties is the right call. Finding the vulnerability is step one. The harder question is what happens in production before anyone finds it.
English
0
0
0
884
Anthropic
Anthropic@AnthropicAI·
Our security bug bounty program is now public on HackerOne. We've run the program privately within the security research community, and their findings have strengthened our products. Now anyone can report vulnerabilities and get rewarded. Read more: hackerone.com/anthropic
English
219
523
4.5K
951K
Pluto Security
Pluto Security@pluto_security·
@0xcorte That's the goal. Getting there in real time is where most teams get stuck.
English
0
0
0
32
Pluto Security
Pluto Security@pluto_security·
Your AI agent just connected to Salesforce, GitHub, and Slack. It has more access than most of your employees. Does your security team know that?
English
3
0
17
778
Pluto Security
Pluto Security@pluto_security·
@satyanadella Agent Mode default across Word, Excel, and PowerPoint. Every enterprise just got a much bigger AI footprint to secure.
English
0
0
0
25
Satya Nadella
Satya Nadella@satyanadella·
We're making a big change to the Copilot experience. Agent Mode is generally available and now the default across Copilot in Word, Excel, and PowerPoint. As models become more capable, we’re bringing that power to where real work happens, right in the canvas. The power of a spreadsheet as an example is its spatial representation of information. What sits next to what, what feeds what. Give an agent that canvas to reason over, and a single prompt can reshape the model, the bridge, and the narrative at once. Read more: microsoft.com/en-us/microsof…
English
296
339
2.5K
438.7K
Pluto Security
Pluto Security@pluto_security·
@AnthropicAI Models that can self-report misalignment is a big step. The harder question is whether enterprises can act on that signal in real time.
English
0
0
0
212
Anthropic
Anthropic@AnthropicAI·
In new Anthropic Fellows research, we discuss “introspection adapters": a tool that allows language models to self-report behaviors they've learned during training—including potential misalignment.
keshav@kshenoy_

Can LLMs simply tell us about unwanted behaviors they’ve picked up in training? We train a single Introspection Adapter (IA) that makes fine-tuned models describe their behaviors. It generalizes to detecting hidden misalignment, backdoors and safeguard removal.

English
127
136
1.4K
229.2K
Pluto Security
Pluto Security@pluto_security·
ClaudeSec is officially LIVE! Meet the new security-first hub for the Claude ecosystem, powered by @pluto_security. ❓Always yearned for a unified search of all existing extensions? ❓Ever wondered what ones are flagged as high-risk? ❓Dreaming of knowing how to deploy safely with Claude? All of this (and more) is now waiting for you on our new planet. Give it a go and let us know in the comments what you thought! Link in the first comment.
English
5
4
30
1.5K
Pluto Security
Pluto Security@pluto_security·
@claudeai Agents that learn from every session are powerful. They also accumulate context that most security teams have zero visibility into.
English
0
0
0
739
Claude
Claude@claudeai·
Memory on Claude Managed Agents is now in public beta. Your agents can now learn from every session, using an intelligence-optimized memory layer that balances performance with flexibility.
Claude tweet media
English
376
614
9.1K
652K
Pluto Security
Pluto Security@pluto_security·
@omarsar0 Self-evolving agents are impressive. They're also the hardest thing to put guardrails on.
English
0
0
1
189
elvis
elvis@omarsar0·
// Self-Evolving Agent Protocol // One of the more interesting papers I read this week. (bookmark it if you are an AI dev) The paper introduces Autogenesis, a self-evolving agent protocol where agents identify their own capability gaps, generate candidate improvements, validate them through testing, and integrate what works back into their own operational framework. No retraining, no human patching, just an ongoing loop of assessment, proposal, validation, and integration. Why it's worth reading this paper: Static agents age quickly. As deployment environments change and new tools arrive, the agents that survive will be the ones that can safely rewrite themselves. Autogenesis is part of a growing wave of self-improving agent systems, alongside work like Meta-Harness and the Darwin Gödel Machine line, and it's one of the cleaner protocol-level takes on continual self-improvement so far. Paper: arxiv.org/abs/2604.15034 Learn to build effective AI agents in our academy: academy.dair.ai
elvis tweet media
English
58
257
1.6K
254.1K
Pluto Security
Pluto Security@pluto_security·
@Baron_VonSnatch That's what makes this pattern so dangerous. The software is easy to run. The blast radius is not easy to see.
English
0
0
1
31
Baron VonSnatch
Baron VonSnatch@Baron_VonSnatch·
@pluto_security These kinds of vulnerabilities must be everywhere right now. Never before have there been this many people on earth willing to download and run unverified software.
English
1
0
0
28
Pluto Security
Pluto Security@pluto_security·
Our research team disclosed CVE-2026-33032, a critical CVSS 9.8 vulnerability in nginx-ui that exposed over 500K users to full server takeover through a single unauthenticated request. No credentials. No exploit chain. Actively exploited in the wild. The root cause: MCP endpoints that inherit an application's full capabilities but skip its security controls entirely. The pattern is clear - and it's only getting more common as agentic workflows connect deeper into enterprise workspace infrastructure. Most security teams have no visibility into what MCP servers are running in their environment, no inventory of the endpoints they're exposing, and no way to enforce it. Full breakdown → lnkd.in/dmbkkQAp As covered by The Hacker News → lnkd.in/gWTZt4e4
Pluto Security tweet media
English
2
3
21
1.3K