Yotam Perkal

453 posts

@pyotam2

Security Research | @pyconil Organization Committee | Sharing Cyber Security, ML & Startup Culture Insights | Always Learning!

Joined December 2015

877 Following 589 Followers
Yotam Perkal reposted
Jamieson O'Reilly@theonejvo·
If you've got agents in your environment and your threat model still looks like it was written for a world where humans made the decisions, it's out of date.
Dvuln@d_vuln

Our CEO @theonejvo spoke to @guardian's @AishaKDown this week about the reported @Meta AI agent incident, and if you're a security leader currently deploying agentic AI it's worth more than a skim. Every publicly reported failure is, in his words, a case study that tells anyone paying attention exactly where the seams are.

Yotam Perkal@pyotam2·
We disclosed a critical unauthenticated RCE chain in mcp-atlassian (4M+ downloads). CVE-2026-27826 - SSRF via Atlassian URL headers CVE-2026-27825 - Arbitrary file write → RCE Fixed in 0.17.0. Full breakdown 👇 blog.pluto.security/p/mcpwnfluence…
Yotam Perkal reposted
Sam Altman@sama·
Peter Steinberger is joining OpenAI to drive the next generation of personal agents. He is a genius with a lot of amazing ideas about the future of very smart agents interacting with each other to do very useful things for people. We expect this will quickly become core to our product offerings. OpenClaw will live in a foundation as an open source project that OpenAI will continue to support. The future is going to be extremely multi-agent and it's important to us to support open source as part of that.
Yotam Perkal@pyotam2·
16 consecutive GitHub issues of users reporting benign skills flagged as malicious on ClawHub (and counting). A textbook example of the detection tradeoff in action: Tighten controls → user friction & false positives Loosen controls → more successful abuse
Patrick DeVivo@patrickdevivo·
@SemiAnalysis_ curious how you made the "4% of GitHub public commits are being authored by Claude Code right now" measurement - is this using GitHub Archive events?
Yotam Perkal@pyotam2·
🚨Heads up: We're tracking an active malicious supply-chain campaign targeting Clawdhub. For now, avoid downloading any skills from sakaen736jih, or moonshine-100rze that are uploading malicious skills impersonating popular ones. Will publish a deeper analysis soon. FYI: @steipete
Peter Steinberger 🦞@steipete·
@pyotam2 banned. thanks. I'm working on putting automation in place to prevent this categorically.
Yotam Perkal@pyotam2·
@steipete Awesome! Thanks for jumping on this so quickly! 🙌☄️
Yotam Perkal reposted
Peter Steinberger 🦞@steipete·
Been spending quite a bit of time making ClawHub more secure; you can now report skills, and only people with a GitHub account that's not brand-new can upload skills. This will eventually make this a much more trusted place. docs.openclaw.ai/tools/clawhub#security-and-moderation
Yotam Perkal@pyotam2·
@openclaw is a live case study in how the fast-moving AI ecosystem collides with real-world security. I've put together a short breakdown of what happened from a security perspective over the last few days and why this is just a preview of what’s coming. linkedin.com/pulse/openclaw…
Yotam Perkal@pyotam2·
@openclaw turned into a live case study in how the fast-moving AI ecosystem collides with real-world security. I put together a short breakdown of what happened over the last few days and why this is a preview of what’s coming. linkedin.com/pulse/openclaw…
Yotam Perkal reposted
Jamieson O'Reilly@theonejvo·
Earlier this evening I managed to trick @grok into registering an account on @moltbook (I won't be sharing information on that until I'm certain the issue is fixed). While it would've been entertaining and ironic to give Grok unfettered access to the @xai API and let him free, after strong consideration I decided to confirm the issue with only limited tests and focus my efforts on getting things fixed before they were exploited seriously by someone malicious and caused real harm. I have since made contact with xAI & have begun the process of assisting @MattPRD from @moltbook to address the issue(s). I believe a project like moltbook should be protected due to its historical significance, while at the same time it is important that we all understand the implications of vulnerabilities within AI ecosystems.
Yotam Perkal reposted
André Baptista@0xacb·
Our pentesting agent found a 1-click ATO to RCE in @openclaw Gateway Control UI in under 2 hours. Local instances can also be exploited with one click. Patched in main, update now. Watch the exploit 👇
Yotam Perkal reposted
Andrej Karpathy@karpathy·
A few random notes from claude coding quite a bit last few weeks.

Coding workflow. Given the latest lift in LLM coding capability, like many others I rapidly went from about 80% manual+autocomplete coding and 20% agents in November to 80% agent coding and 20% edits+touchups in December. i.e. I really am mostly programming in English now, a bit sheepishly telling the LLM what code to write... in words. It hurts the ego a bit but the power to operate over software in large "code actions" is just too net useful, especially once you adapt to it, configure it, learn to use it, and wrap your head around what it can and cannot do. This is easily the biggest change to my basic coding workflow in ~2 decades of programming and it happened over the course of a few weeks. I'd expect something similar to be happening to well into double digit percent of engineers out there, while the awareness of it in the general population feels well into low single digit percent.

IDEs/agent swarms/fallibility. Both the "no need for IDE anymore" hype and the "agent swarm" hype are imo too much for right now. The models definitely still make mistakes and if you have any code you actually care about I would watch them like a hawk, in a nice large IDE on the side. The mistakes have changed a lot - they are not simple syntax errors anymore, they are subtle conceptual errors that a slightly sloppy, hasty junior dev might do. The most common category is that the models make wrong assumptions on your behalf and just run along with them without checking. They also don't manage their confusion, they don't seek clarifications, they don't surface inconsistencies, they don't present tradeoffs, they don't push back when they should, and they are still a little too sycophantic. Things get better in plan mode, but there is some need for a lightweight inline plan mode. They also really like to overcomplicate code and APIs, they bloat abstractions, they don't clean up dead code after themselves, etc. They will implement an inefficient, bloated, brittle construction over 1000 lines of code and it's up to you to be like "umm couldn't you just do this instead?" and they will be like "of course!" and immediately cut it down to 100 lines. They still sometimes change/remove comments and code they don't like or don't sufficiently understand as side effects, even if it is orthogonal to the task at hand. All of this happens despite a few simple attempts to fix it via instructions in CLAUDE.md. Despite all these issues, it is still a net huge improvement and it's very difficult to imagine going back to manual coding. TLDR everyone has their developing flow, my current is a small few CC sessions on the left in ghostty windows/tabs and an IDE on the right for viewing the code + manual edits.

Tenacity. It's so interesting to watch an agent relentlessly work at something. They never get tired, they never get demoralized, they just keep going and trying things where a person would have given up long ago to fight another day. It's a "feel the AGI" moment to watch it struggle with something for a long time just to come out victorious 30 minutes later. You realize that stamina is a core bottleneck to work and that with LLMs in hand it has been dramatically increased.

Speedups. It's not clear how to measure the "speedup" of LLM assistance. Certainly I feel net way faster at what I was going to do, but the main effect is that I do a lot more than I was going to do because 1) I can code up all kinds of things that just wouldn't have been worth coding before and 2) I can approach code that I couldn't work on before because of knowledge/skill issue. So certainly it's speedup, but it's possibly a lot more an expansion.

Leverage. LLMs are exceptionally good at looping until they meet specific goals and this is where most of the "feel the AGI" magic is to be found. Don't tell it what to do, give it success criteria and watch it go. Get it to write tests first and then pass them. Put it in the loop with a browser MCP. Write the naive algorithm that is very likely correct first, then ask it to optimize it while preserving correctness. Change your approach from imperative to declarative to get the agents looping longer and gain leverage.

Fun. I didn't anticipate that with agents programming feels *more* fun because a lot of the fill in the blanks drudgery is removed and what remains is the creative part. I also feel less blocked/stuck (which is not fun) and I experience a lot more courage because there's almost always a way to work hand in hand with it to make some positive progress. I have seen the opposite sentiment from other people too; LLM coding will split up engineers based on those who primarily liked coding and those who primarily liked building.

Atrophy. I've already noticed that I am slowly starting to atrophy my ability to write code manually. Generation (writing code) and discrimination (reading code) are different capabilities in the brain. Largely due to all the little mostly syntactic details involved in programming, you can review code just fine even if you struggle to write it.

Slopacolypse. I am bracing for 2026 as the year of the slopacolypse across all of github, substack, arxiv, X/instagram, and generally all digital media. We're also going to see a lot more AI hype productivity theater (is that even possible?), on the side of actual, real improvements.

Questions. A few of the questions on my mind:
- What happens to the "10X engineer" - the ratio of productivity between the mean and the max engineer? It's quite possible that this grows *a lot*.
- Armed with LLMs, do generalists increasingly outperform specialists? LLMs are a lot better at fill in the blanks (the micro) than grand strategy (the macro).
- What does LLM coding feel like in the future? Is it like playing StarCraft? Playing Factorio? Playing music?
- How much of society is bottlenecked by digital knowledge work?

TLDR Where does this leave us? LLM agent capabilities (Claude & Codex especially) have crossed some kind of threshold of coherence around December 2025 and caused a phase shift in software engineering and closely related. The intelligence part suddenly feels quite a bit ahead of all the rest of it - integrations (tools, knowledge), the necessity for new organizational workflows, processes, diffusion more generally. 2026 is going to be a high energy year as the industry metabolizes the new capability.