Justin Calmus

189 posts

@sumlac

Security dude

Joined August 2016
662 Following, 1.3K Followers
Justin Calmus@sumlac·
@bcrypt You're the best, thank you so much @bcrypt (btw: always been jealous of your handle lol)
yan@bcrypt·
@sumlac i added the marin data, lmk if you see any issues!
yan@bcrypt·
in light of the tragic news that a 2-year old died at a licensed SF daycare earlier this month, i made a site to show childcare license violations and complaints in the Bay Area: azuki.vip/childcare/
Justin Calmus@sumlac·
@MrTuxracer Wrote this too fast; this was meant to be bug bounty platforms*! :)
Julien | MrTuxracer 🇪🇺@MrTuxracer·
@sumlac IMO, for programs that is fine because they own the vulnerability data anyway. Entirely different story for bounty platforms, though.
Justin Calmus@sumlac·
Can’t stand AI posts “Real life/world example…” “That’s not… it’s….”
Justin Calmus@sumlac·
@trq212 I’ve had this issue several times in the last few weeks. Not sure if I can reproduce, but will be able to provide session data next time.
Thariq@trq212·
@EthanLipnik hmm we're looking into this more, are you able to reproduce this pretty reliably? if so would love to hop on a call to debug it
Ethan Lipnik@EthanLipnik·
Claude Code has become unusable for me. Does anyone know how to fix the state where it just infinitely thinks with no new tokens?
Justin Elze@HackingLZ·
And it actually worked this time 🤣 **Base**: Qwen/Qwen3-32B (dense, 32.8B parameters) **Training**: QLoRA fine-tune — 21,739 examples, 3 epochs, 4,077 steps, ~11hrs on H200 **Final Loss**: 0.14 (from 1.22)
Justin Calmus reposted
Noah@NoahKingJr·
Coders in 2030 be like:
zack0x01@zack0x01_·
i built an AI hacking agent that scans for bugs at an advanced level, trained from public reports and poc, and i was amazed what it found: 2 SSRF, 4 CVEs and encrypted password on a js file. it decrypted the password, made an api request and pulled 250 customers' data 😅
Justin Calmus@sumlac·
I have a theory... PSA for everyone who got hit with a full week's claude usage from one prompt this past week Claude Code has an agentic loop structure where token consumption is O(N²), not O(N). If call #1 sends 10K tokens, call #60 sends 500K. This is especially relevant if claude is having outages. status.claude.com When Opus (or equivalent) has an outage, and your prompt hits just at the right time, during that degraded service API calls will fail but still consume your input tokens. Claude will retry re-sending the context the entire time. That's why O(N²) is very relevant here, we're talking about killing your week's usage with one prompt. We see a lot of different responses because the outage wouldn't necessarily affect everyone equally. If you hit the bug at the wrong time, you are screwed. @claudeai please create a circuit breaker and alert users when API is failing. Silent failures are killing progress.
Alex Volkov@altryne·
This is Bonkers. Look at how many responses there are, most people are having the same experience, and yet, a complete silence from Anth dev rel folks. Sad this, folks love these tools but can't seem to be able to use them and no acknowledgement from the team that they are even looking into this. Yet every amazing release like /btw or computer use or Dispatch gets tons of engagement. This is exactly what @ryancarson was talking about btw. @alexalbert__ @trq212 @bcherny please take a look. I get that with the insane growth and shipping you guys are too busy, but this seems like a real thing that's happening to folks
Alex Volkov@altryne

My feed is showing me a bunch of folks who tapped out their whole usage limits on Mon/Tue. Is this your experience? Please comment, I want to understand how widespread this is

Justin Calmus@sumlac·
PSA for everyone who got hit with a full week's claude usage from one prompt this past week Claude Code has an agentic loop structure where token consumption is O(N²), not O(N). If call #1 sends 10K tokens, call #60 sends 500K. This is especially relevant if claude is having outages. status.claude.com When Opus (or equivalent) has an outage, and your prompt hits just at the right time, during that degraded service API calls will fail but still consume your input tokens. Claude will retry re-sending the context the entire time. That's why O(N²) is very relevant here, we're talking about killing your week's usage with one prompt. We see a lot of different responses because the outage wouldn't necessarily affect everyone equally. If you hit the bug at the wrong time, you are screwed. @claudeai please create a circuit breaker and alert users when API is failing. Silent failures are killing progress.
dawgyg - WoH@thedawgyg·
@brockpierson yup this and 98 were the last windows i used lol switched to Redhat 5.0 and didn't turn back
⭕ Brock Pierson@brockpierson·
Be honest, did you use this when it was new?
Justin Calmus@sumlac·
@altryne 100%, hit the weeks limit immediately from a few prompts.
Justin Calmus@sumlac·
Will open source just be a great reference tool of the past?
Justin Calmus reposted
Rami McCarthy@ramimacisabird·
TeamPCP got an infostealer into LiteLLM 1.82.7, 1.82.8
litellm c2 is models[.]litellm.[]cloud
Act fast. github.com/BerriAI/litell…
Justin Calmus@sumlac·
@nervoir @stuxfdev @verialabs @BSidesSF I have the worst answer for you, because it really depends. MoE applies reasoning way beyond my model, but the model that I have has deep extensive security knowledge. If you wrap claude around it, it's pretty incredible.
nrv@nervoir·
@sumlac @stuxfdev @verialabs @BSidesSF Given the recruitment drive of both anthropic and OpenAI wrt offsec people, it seems likely the latest models will be trained on this and probably extensive synthetic data? Or does it feel like your model outperforms the latest frontier models?
stuxf@stuxfdev·
We at @verialabs built an autonomous CTF agent in a weekend and won 1st place at @BSidesSF 2026, solving all 52/52 challenges. It races multiple AI models (Claude, GPT-5.4) in parallel, each in isolated Docker sandboxes with full CTF tooling. A coordinator LLM reads solver traces and sends targeted guidance to stuck agents. As AI gets better at finding and exploiting vulnerabilities, we think it's important to understand exactly how good it is and where it fails. github.com/verialabs/ctf-…
JS0N Haddix@Jhaddix·
Stacked content creator dinner last night. Was so fun!