Puneet Thapliyal

When GPT and GLP collide

The wave of security exploits we are going to see in the age of AI-coded AI bots + people giving AI bots full rights to run code on their machines is going to be quite something, I suspect. It will be OK soon (AI security audits will help) but expect a rough start, IMHO. YMMV.

@geoffreylitt “responsibly vibed”

We need a shorthand way of saying: "An AI did the work, but I vouch for the result" Saying "I did it" feels slightly sketchy, but saying "Claude did it" feels like avoiding responsibility

Bluetooth Headphone Jacking: A Key to Your Phone - media.ccc.de media.ccc.de/v/39c3-bluetoo…

Code for the paper "Defeating Prompt Injections by Design" github.com/google-researc…

US charges former Accenture employee with misleading feds on cloud platform’s security - Nextgov/FCW nextgov.com/cybersecurity/…

ChatGPT wrapped 2025!

My @meetgranola Crunched 2025 catchphrase is...

@Michael1026H1 @Hacker0x01 Super! Congratulations 🎉

Finally hit $1m on @Hacker0x01

S1ngularity/nx attackers strike again. Several NPM packages are now serving malware. The most well known amongst them being CrowdStrike. aikido.dev/blog/s1ngulari…

The Salesloft incident: A wake-up call for SaaS security and IPSIE adoption Article okta.com/newsroom/artic… # via @okta

Github support for immutable releases. Improved supply chain security. github.blog/changelog/2025…

ChromeAlone - A Cobalt Strike Like Tool That Turns Chrome into C2 Platform gbhackers.com/chromealone/

My favorite conference of the year! with Yash #defcon

We engineered an attack against @GitHubCopilot to add a hidden backdoor via a malicious GitHub issue. See if you would’ve fallen for it: blog.trailofbits.com/2025/08/06/pro…

Code Execution Through Deception: Gemini AI CLI Hijack tracebit.com/blog/code-exec…

158-year-old company forced to close after ransomware attack precipitated by a single guessed password — 700 jobs lost after hackers demand unpayable sum tomshardware.com/tech-industry/…