Joseph Thacker

👑 WE WON! 🎉 LFGGGG! @Rhynorater @0xLupin @monkehack and I won MVH at the Google Live Hacking Event in Tokyo last week! It was focused on their AI products. We also had an awesome time in Japan. I'll post some of the highlights below.

@JF0LKINS Yes this is exactly what I noticed

@rez0__ I think there is a bug. On my 91 hour /goal run, I was out of tokens for days while the /status would update until I closed the session.

is the codex /status SUUUUPER delayed in updating?

@moyix gpt5.5 is so weird. it's clearly better than latest opus at finding bugs but it seems to not notice really interesting leads, it explains things in a weirdly high level and theoretical way, and it almost NEVER shows the highest impact without a lot of prodding.

It's amazing how you can just tell GPT-5.5 to go get stronger evidence for the security implications of a bug and it will diligently work for 45 minutes and come back with something that is almost, but not *entirely* unconvincing

And this one is human insight w/ LLM-assisted research. Took about one week to finish everything. The AI really rescued me from a lot of tedious work — excluding the part where it changed the Domain Admin password, locked me out, and claimed it got RCE 🤦

@DanielMiessler agree with most except: > And if the alternatives were anywhere near as good, nobody would care. > But all three are false simultaneously I think codex is _very clearly_ close to as good for coding and better at hacking

This Anthropic DevRel controversy is very strange if you take a moment to think about it. You can use all of Anthropic’s models for any product. Competing products. Doesn’t matter. Always have been able to. There’s ALSO a Claude Code discount model. And in order to use that special, discounted price (here’s the shocker) you have to use Claude Code. Meanwhile gpt-5.5 API pricing is way more expensive than Opus 4.7. But nobody even notices. So the whole damn thing comes down to three things: 1. It wasn’t clear in the beginning that the subscriptions were only for Claude Code, so the switch-up was jarring 2. The communication on the whole thing has been atrocious. The team talking about features is fantastic, which makes it even more stark when the pricing story doesn’t match 3. People must MASSIVELY prefer using Claude Code, otherwise they wouldn’t be so pissed about having to use something else (Theo basically has an Anthropic podcast at this point) Just a massive amount of confusion on this whole thing. All three of these had to fail at the same time. If it was clear in the beginning that it was a Claude-Code-only subscription, nobody would care. If Anthropic hadn’t fumbled the messaging like 7 times in a row, nobody would care. And if the alternatives were anywhere near as good, nobody would care. But all three are false simultaneously, and so now the perception has become reality and a mass-migration off of Anthropic is in progress.

@HackerOn2Wheels Or podcast episodes 😉😉😉

@HackerOn2Wheels No. Many are just from public blogs or books or talks

Here’s the sauce: - agent md file with lots of disclaimers about how it’s approved testing - a bunch of hacking skills - /goal find a crit on target . com That’s literally 90% of the way there and enough to blow anyone’s mind who hasn’t been convinced yet.

@_jensec @TakSec With the goal mode it should just keep looping properly

@rez0__ @TakSec I am facing issues with context rotations any idea? Context window is so small and every time it hits context it restarts

Claude's first day at Dunder Mifflin

@DanielMiessler I still enjoy using cc more fwiw haha. And I have 3 cc subs and 1 codex sub but that little codex sub is punching up

Wow, big wind changes going on the last 3 weeks.

@NightmareJS @Blackstone0123 I’ve never gotten one since 5.5 came out. Not sure why

@Blackstone0123 @rez0__ Same. My refusals on 5.5 are off the chart

okay im calling it officially. codex is cracked. if you're a bb hunter and you dont have a hackbot set up yet, i recommend codex with gpt5.5 over claude code.

@evilsocket It does have some caveats tho. It doesn’t “go as far” to show impact as opus and it also describes bugs in weird ways that are hard to understand sometimes.

@rez0__ way less obtuse, more out of the box thinker, or pragmatic, depending on circumstance. that's my feel of it

@Blackstone0123 idk i just havent struggeld with rejections

@rez0__ But what about guardrails, even with TAC, it’s refusing a lot of time

that we'll get to a point where they are actually smarter than most humans and continue to give tons of agency to them and at some point, a simple alignment issue will lead to bigger consequences. it's a small chance but it's possible i think.

okay i feel a bit better

the dream would be to be mentioned by claude like this via pre training and not just look up.

@DanielMiessler this is hilarious

He’s going to try lay down for a bit. Tell the labs to drop 3 new features each, and reset his limits.