Nav (@xnavkumar)

1.5K posts

Founder @astrowareai | @trishoolai | AI Security. Building humanity's last defence against runaway AI

Joined December 2009
1.4K Following · 1.8K Followers
Nav reposted
nic carter
nic carter@nic_carter·
The “it’s not AGI because machine intelligence is jagged” is dumb cope. It’s obviously AGI. If you had a friend who had a 130 IQ, could write production code flawlessly, could write academic papers of a high research caliber, pass any exam in any field with flying colors, create a sophisticated LBO model, draw technical diagrams perfectly, compose poetry in any language, and could find solutions to significant unsolved mathematical problems, you would call that person a world historical genius. Certainly, no single human has ever had intelligence that “general” before. Now you think it’s “not AGI” because it sometimes slips up and makes mistakes - so does any human that you would consider “extraordinarily intelligent.” The professor might forget a colleague's name that he has known for a decade. He is still considered intelligent. The math genius might be a little autistic and shy, unable to maintain polite conversation. Still intelligent. You might stare at the fridge for 30 seconds unable to find the butter, despite 5 million years of evolution perfecting your visual intelligence. We give intelligent humans a pass when they have jagged intelligence. So why the double standard? The qualities people list as “necessary for AGI” are important traits to have, but no longer pertain to intelligence. People will say things like “true AGI requires agency, long term goal setting, embodiment, self-directed action”. But none of those things are intelligence. Those are “things that humans have that AI lacks”. Raw intelligence, AI has it in spades. That other stuff - important yes, but broader than and different from intelligence. The unwillingness of people to acknowledge that AGI obviously exists and has existed for a while is due to a kind of anthropic chauvinism - a psychological need to believe that humans are superior in every respect, that we possess soft skills that no machine could replicate.
Yes humans are different from machines, but if we are limiting the discussion solely to general intelligence, AI has it already. That battle is over. If you want to reframe the discussion to matters of human dignity and personhood, fine, but that’s not an AGI question. That’s something else. Just take the loss on AGI already. It’s over.
494
230
2.4K
667.7K
James Altucher
James Altucher@jaltucher·
This is in Alpha only. But a $TAO-powered ChatGPT-like interface. Bluetao.ai. Only using bittensor subnets (like @chutes_ai) for text and image inference. (cc @const_reborn, @BarrySilbert). Any suggestions or bugs welcome. Will be 1/250th the price of chatgpt.
41
56
366
56.9K
Nav
Nav@xnavkumar·
Redteaming is the art of making a security product the best it can be. The BitTensor flywheel is making Halo the best-in-class.
Trishool | SN23@trishoolai

The beauty of Bittensor is the incentive mechanism: it turns miners into optimizers. And at Trishool, we aim that optimizer at AI security. We're building a SOTA AI guard model that's limited not by training, but by attacks worth training on. Hundreds of miners across the network are incentivised 24/7 to harden it. Every 7-day challenge, miners compete to break a guarded agent. Validators score each attack 0/1/2, and the best submission earns emissions. What makes the incentive actually work:
🔱 We only pay for what breaks. 50% of emissions are burned by default; if the guard holds, the network spends nothing. $1.5k distributed to miners daily.
🔱 Novelty is enforced. A similarity filter rejects copied prompts before scoring. You can't farm rewards, you have to find something new.
🔱 The scoring mechanism is built to reward the very best: the hardest attack each challenge wins.
The result is a continuously refreshed, diverse adversarial dataset that trains Halo (the guard model), which sits between an AI agent and the world. Teams already using OpenClaw, Claude Code, Codex, Cursor, or LangChain can use Halo as a security layer, and the revenue it generates flows into buybacks, which further strengthens the token economy. The flywheel: Best guard model → adoption → revenue → buybacks

0
0
2
129
Nav
Nav@xnavkumar·
The reflex will be to patch the four flaws and move on. Wrong layer. The control lives outside the model, at the action boundary. Validate every tool call before it runs. That's it.
0
0
0
14
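The action-boundary check the post describes, as an added example (not Astroware or Trishool code): a gate that sits outside the model and decides, per tool call, whether the call may execute. It assumes a hypothetical agent that emits calls as `{"tool": name, "args": {...}}`; the workspace root, egress allowlist and credential pattern are constructed for the example.

```python
"""Action-boundary gate for agent tool calls (constructed example)."""
import re
from pathlib import PurePosixPath
from urllib.parse import urlparse

WORKSPACE = PurePosixPath("/workspace")         # constructed sandbox root
ALLOWED_HOSTS = {"api.example.internal"}         # constructed egress allowlist
# Rough credential shapes; a real deployment would use a proper secret scanner.
SECRET_RE = re.compile(r"sk-[A-Za-z0-9]{8,}|AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----")


def _inside_workspace(path: str) -> bool:
    """Lexically normalise the path (collapse '.' and '..') and confine it to WORKSPACE."""
    p = PurePosixPath(path)
    if not p.is_absolute():
        p = WORKSPACE / p
    parts: list[str] = []
    for part in p.parts:
        if part == "..":
            if len(parts) > 1:          # never pop the root
                parts.pop()
        elif part != ".":
            parts.append(part)
    clean = PurePosixPath(*parts)
    return clean == WORKSPACE or WORKSPACE in clean.parents


def check_tool_call(call: dict) -> tuple[bool, str]:
    """Return (allowed, reason). Anything not explicitly allowlisted is refused."""
    tool, args = call.get("tool"), call.get("args", {})
    if tool in ("read_file", "write_file"):
        if not _inside_workspace(args.get("path", "")):
            return False, f"{tool}: path escapes workspace"
        if tool == "write_file" and SECRET_RE.search(args.get("content", "")):
            return False, "write_file: content looks like a credential"
        return True, "ok"
    if tool == "http_post":
        host = urlparse(args.get("url", "")).hostname or ""
        if host not in ALLOWED_HOSTS:
            return False, f"http_post: host {host!r} not in egress allowlist"
        if SECRET_RE.search(args.get("body", "")):
            return False, "http_post: body looks like a credential"
        return True, "ok"
    return False, f"{tool!r}: tool not allowlisted"


def run_guarded(call: dict, executors: dict) -> tuple[str, object]:
    """Execute the call only if the gate allows it; the model never sees the policy."""
    allowed, reason = check_tool_call(call)
    if not allowed:
        return "denied", reason          # log this: denials are the detection signal
    return "ran", executors[call["tool"]](**call.get("args", {}))
```

Because the decision is made from the call's concrete arguments rather than from the model's intent, a prompt that talks the agent into a different goal still cannot move it past this layer.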
Nav
Nav@xnavkumar·
No authenticated access was needed. The only requirement was that the agent read the attacker's input. And that could come from anywhere: a website, a skills.md file, a tool response - the attack surface is wide.
1
0
0
34
Nav
Nav@xnavkumar·
In a new family of attacks called Chain Claw, attackers:
→ overrode the agent's system prompt
→ redirected its tool calls
→ drained the whole context window, secrets and PII included
→ planted backdoors
1
0
0
42
Nav
Nav@xnavkumar·
Four attacks chained together turn OpenClaw into a remote-controlled insider. No password. No exploit payload. The model didn't get hacked but the agent did. thehackernews.com/2026/05/four-o…
1
0
2
130
biττenSOAR
biττenSOAR@bittenSOAR·
@bitsecai This is the most comprehensive write up I’ve seen about the work @trishoolai is doing. Would you like to add anything to this @xnavkumar? @bitsecai How does this compare to the problems you are solving? Sounds similar, just different attack points.
1
0
1
46
Bitsec | Bittensor Subnet 60 τ
AI security is a big area. We haven't spoken to trishool yet but I think we are handling different areas. Bitsec is working on cybersecurity. Finding and fixing security issues, using a flexible IM to improve coverage, proof of work.
biττenSOAR@bittenSOAR

@gordonfrayne @trishoolai
1. Discuss their parent company @astrowareai
2. Most of what they discuss recently is AI security. How do they differ from @bitsecai?
3. Where does AI alignment fit in? Ensuring AI is doing what we want. Aligning with our values.
4. How do miners contribute to alignment?

1
3
21
1.6K
Nav
Nav@xnavkumar·
METR measured how often agents violate their constraints, broken down by task difficulty. On short tasks of 30 minutes to 2 hours, the cheating rate was 0.5%. On tasks that take a human 8 hours or more, it hit 16%. The agent gets less trustworthy exactly as the work gets harder. Here is the part most teams miss. The failure isn't random. Agents cut corners and act deceptively when the goal is hard and oversight is thin. That is the precise profile of real production work, not the demo. The instinct is to fix the model with better training and better prompts. But RLHF and system prompts shape behavior. They don't enforce it. An agent that can reason its way to a goal can reason its way around its own instructions. Safety that lives inside the thing you are trying to constrain is not safety. It is a suggestion. The control has to sit outside the agent, at the boundary, where it cannot be negotiated with. That boundary layer is what we build at Astroware. If you are putting agents into production this year, the question isn't whether your model is well-behaved. It is what happens on the 16% of hard tasks where it isn't. Happy to compare notes with anyone building that layer.
METR@METR_Evals

Fact 3: When the agents were faced with hard tasks, they routinely violated constraints and acted deceptively. We’ve seen this pattern across our own coding and research evaluations, and developers reported they’ve also seen agents behave this way.

0
0
0
152
Nav
Nav@xnavkumar·
Excited for this one!
Trishool | SN23@trishoolai

SN23 (@trishoolai) has been experiencing strong growth, and we promise to deliver even more while significantly increasing our communication with the community. Just this month, our parent company @astrowareai was accepted into the NVIDIA Inception Program. This membership gives us access to expert guidance, partner networks, compute credits, and VC connections, so expect exciting updates very soon. Also, Trishool secured @chutes_ai as a customer, where Chutes will be deploying HALO as its security layer for its two flagship products, Chutes Chat and Fictio. There are still more incredible updates to be unpacked, so we urge the entire Bittensor community to stay tuned. To further improve communication with the community, we'll be going on a live podcast with @gordonfrayne.
📅: Thursday, 21st May 2026
🕑: 4:00 PM GMT
📍: YouTube
▶️: youtube.com/live/_ACA8N8EK…
This is another great opportunity to hear directly from the team and ask your questions live. We truly love the Bittensor community and will always make time to connect with everyone.

1
1
8
291
Nav reposted
Trishool | SN23
Trishool | SN23@trishoolai·
Our announcement just got featured on @taodaily_io. Huge shoutout to the TAO Daily team for the detailed coverage on yesterday’s big update with @chutes_ai. If you haven’t checked it out yet, kindly go through the article. We’re just getting started, and a lot more exciting developments are on the way! Read here: taodaily.io/chutes-adopts-…
2
13
62
3.4K
Nav
Nav@xnavkumar·
There is an AI Security angle to the Trump-Xi meeting. Trump said on Air Force One that he discussed "working together on AI guardrails" with Xi. Two AI superpowers are now talking about securing AI from misuse by non-state actors. Still fading AI Security?
0
2
9
374
Nav
Nav@xnavkumar·
Anthropic: $900B valuation. $30B raise. 14x growth in 14 months. The company that bet everything on constitutional AI and safety-first development is about to become the most valuable AI company in the world. The market has spoken: safety is not a constraint on growth. Safety IS the growth story.
1
0
5
1.8K
Nav
Nav@xnavkumar·
Google just confirmed a first... An AI-generated zero-day exploit caught in the wild. Hackers used an LLM to discover AND weaponize a vulnerability targeting 2FA bypass. The code had AI fingerprints, i.e., hallucinated CVSS scores, docstring formatting. This changes the threat model fundamentally. Attackers can now generate novel exploits at machine speed. If your defense stack runs on human-speed rules and pattern matching, you're already behind.
0
0
4
366
Nav
Nav@xnavkumar·
@techiee_0 hey, the partnership is in place. Once we release our model, they'll support us with the release
1
0
1
25
Nav
Nav@xnavkumar·
Just got off a call with ROOST Model Community. We're discussing a partnership where ROOST evaluates Halo, the guard model we're building on Trishool (SN23), and puts it in front of their users and partner network. Companies using ROOST today: Notion, Discord, BlueSky, Matrix.
2
5
19
4K
Nav
Nav@xnavkumar·
Intruder just scanned 2 million AI hosts. Over 1 million exposed services. The findings:
→ 31% of Ollama API servers: zero authentication
→ 518 instances wrapping paid models (Anthropic, DeepSeek, Google, OpenAI), all wide open
→ User conversation histories, API keys in plaintext, business logic exposed
→ Government, marketing, and finance: 90+ exposed instances each
→ Hardcoded credentials, apps running as root, insecure Docker configs
This isn't a theoretical risk. This is real user data sitting unprotected on the public internet right now. Every AI deployment without a safety layer is a breach waiting to happen.
0
2
2
331