Justin Calmus

183 posts

@sumlac

Security dude

Joined August 2016
643 Following · 1.3K Followers

zack0x01 @zack0x01_
I built an AI hacking agent that scans for bugs at an advanced level, trained on public reports and PoCs, and I was amazed at what it found: 2 SSRFs, 4 CVEs and an encrypted password in a JS file. It decrypted the password, made an API request and pulled 250 customers' data 😅

Justin Calmus @sumlac
I have a theory...

PSA for everyone who got hit with a full week's Claude usage from one prompt this past week.

Claude Code has an agentic loop structure where token consumption is O(N²), not O(N). If call #1 sends 10K tokens, call #60 sends 500K. This is especially relevant if Claude is having outages. status.claude.com

When Opus (or equivalent) has an outage, and your prompt hits just at the right time, during that degraded service API calls will fail but still consume your input tokens. Claude will retry re-sending the context the entire time. That's why O(N²) is very relevant here, we're talking about killing your week's usage with one prompt.

We see a lot of different responses because the outage wouldn't necessarily affect everyone equally. If you hit the bug at the wrong time, you are screwed.

@claudeai please create a circuit breaker and alert users when API is failing. Silent failures are killing progress.

Alex Volkov @altryne
This is Bonkers. Look at how many responses there are, most people are having the same experience, and yet, a complete silence from Anth dev rel folks. Sad this, folks love these tools but can't seem to be able to use them and no acknowledgement from the team that they are even looking into this. Yet every amazing release like /btw or computer use or Dispatch gets tons of engagement. This is exactly what @ryancarson was talking about btw. @alexalbert__ @trq212 @bcherny please take a look. I get that with the insane growth and shipping you guys are too busy, but this seems like a real thing that's happening to folks
Alex Volkov @altryne

My feed is showing me a bunch of folks who tapped out their whole usage limits on Mon/Tue. Is this your experience? Please comment, I want to understand how widespread this is


Justin Calmus @sumlac
PSA for everyone who got hit with a full week's Claude usage from one prompt this past week.

Claude Code has an agentic loop structure where token consumption is O(N²), not O(N). If call #1 sends 10K tokens, call #60 sends 500K. This is especially relevant if Claude is having outages. status.claude.com

When Opus (or equivalent) has an outage, and your prompt hits just at the right time, during that degraded service API calls will fail but still consume your input tokens. Claude will retry re-sending the context the entire time. That's why O(N²) is very relevant here, we're talking about killing your week's usage with one prompt.

We see a lot of different responses because the outage wouldn't necessarily affect everyone equally. If you hit the bug at the wrong time, you are screwed.

@claudeai please create a circuit breaker and alert users when API is failing. Silent failures are killing progress.

dawgyg - WoH @thedawgyg
@brockpierson yup this and 98 were the last Windows I used lol, switched to Redhat 5.0 and didn't turn back

⭕ Brock Pierson @brockpierson
Be honest, did you use this when it was new?

Justin Calmus @sumlac
@altryne 100%, hit the week's limit immediately from a few prompts.

Justin Calmus @sumlac
Will open source just be a great reference tool of the past?

Justin Calmus retweeted
Rami McCarthy @ramimacisabird
TeamPCP got an infostealer into LiteLLM 1.82.7, 1.82.8
litellm c2 is models[.]litellm.[]cloud
Act fast. github.com/BerriAI/litell…

Justin Calmus @sumlac
@nervoir @stuxfdev @verialabs @BSidesSF I have the worst answer for you, because it really depends. MoE applies reasoning way beyond my model, but the model that I have has deep extensive security knowledge. If you wrap claude around it, it's pretty incredible.

nrv @nervoir
@sumlac @stuxfdev @verialabs @BSidesSF Given the recruitment drive of both anthropic and OpenAI wrt offsec people, it seems likely the latest models will be trained on this and probably extensive synthetic data? Or does it feel like your model outperforms the latest frontier models?

stuxf @stuxfdev
We at @verialabs built an autonomous CTF agent in a weekend and won 1st place at @BSidesSF 2026, solving all 52/52 challenges. It races multiple AI models (Claude, GPT-5.4) in parallel, each in isolated Docker sandboxes with full CTF tooling. A coordinator LLM reads solver traces and sends targeted guidance to stuck agents. As AI gets better at finding and exploiting vulnerabilities, we think it's important to understand exactly how good it is and where it fails. github.com/verialabs/ctf-…

JS0N Haddix @Jhaddix
Stacked content creator dinner last night. Was so fun!

Vadim @VadimStrizheus
i'm cooked maybe it's time to buy a second Claude Max subscription the week hasn't even started. 💀

Justin Calmus @sumlac
Once I really nailed down what I was using OpenClaw for, I decided to just take some of the features and build it myself. Now I have exactly what I need with zero overhead.

Brad Groux @BradGroux
Something is up with Claude Code usage today. $200 Claude Max, 0%, 52% to 62%, then 68%, 76% and 84% in 5-hour rolling window in the time it took me to write this tweet. WTF, @AnthropicAI? I'm working on one GitHub PR for regression testing. Not folding proteins to cure cancer.

Justin Calmus @sumlac
2 Max Subscriptions... both maxed out. Sigh

Justin Calmus retweeted
Chaofan Shou @Fried_rice
vibe coded a fuzzing ai agent last month and let it run for a week using my $200 claude max. it then found 21 high/critical vulnerabilities in Chrome.