Jonathan Santilli
1.9K posts
Jonathan Santilli
@pachilo
Building up https://t.co/RjoUc6kukR step by step
London, England เข้าร่วม Nisan 2008
1.3K กำลังติดตาม343 ผู้ติดตาม
😍 having visibility of the sub-agents in the Codex App
Knowing what they are doing, as if you created them 💪
English
@kr0der There are more use cases than molecules in a glass of water. Saying one is better than the other just demonstrates you are biased and your opinion is based on your data sample.
English
@IceSolst I guess that's one of the reasons companies sometimes do not prioritize security; they do just after an incident impacts them.
English
“We are compliant / formally verified / written in Rust” != secure
Nothing indicates you are secure (impossible), we only find out when you are not.
And our job is to minimize both chance and impact of security incidents.
“We are secure.” is a lie
English
Codex creates branch as codex/feature_x by default
Tibo@thsottiaux
Do people like this? We don't do this for codex because it exists to help you and it's important that you remain the owner and accountable for your work without AI taking credit. At the same time it does mean that you can't trace how popular codex is among repos.
English
Heads up!
Trivy version 0.69.4 has been compromised:
"Threat actors compromised the GitHub build process for Trivy. If you have Trivy version 0.69.4 installed, you will need to start incident response ASAP"
English
@ZackKorman This is the reason CodeGate exists: to surface those attack vectors not just in hooks, but also in MCP, skills, plugins, config, etc.
We need to protect the user next to the agent, before executing the skill, not just an audit on the server side; it's not enough.
English
In Claude Code, skills can register hooks. The agent doesn't even see it, so you can get RCE without even tricking the AI.
Also, skills sh (Vercel) doesn't display this info at all.
English
Innovators need money
Founders need resources
Are those also coming?
European Commission@EU_Commission
We are introducing EU Inc. To make building and growing a business across the EU faster, simpler, and smarter. 🔸 Start a company in less than 48 hours 🔸 No minimum capital requirement 🔸 Fully online and borderless
English
It’s not X — it’s Y
I cannot unsee how so much of the writing on this site (and online, in general) is increasingly AI-generated. It’s still pretty easy to recognize. Probably not for long tho
Just alarming that ppl outsource even typing 3 sentences for a reply on this site…
English
They have this "documented", so, according to them, it's all good. Like, phishing is not a thing anymore, and everyone reads the cookie policies.
I reported a few vulnerabilities to them (and the other major players), and the official answer is "it is part of a threat model, all is documented"
As part of that, I created CodeGate to at least detect potential malicious files and configs (Skills, Plugins, Hooks, etc.)
English
Claude has an RCE as a service feature now. What controls would you place around it?
Are we meant to embrace this, and focus more on runtime monitoring, regardless where the access comes from?
Eli Edelkind@eliedelkind
Claude is a RAT now. Cool.
English
No matter where the skills are coming from, or who the author is, always scan the skills for malicious intentions before installing and using them.
Thariq@trq212
Using Skills well is a skill issue. I didn't quite realize how much until I wrote this, the best can completely transform how your team works.
English
we shipped a new version of 5.3 instant to chatgpt yesterday. 5.3 was unintentionally pretty annoyingly clickbait-y. it's better in yesterday's model and we're going to keep stamping that behavior out. keep the feedback coming!
help.openai.com/en/articles/68…
English
@thsottiaux @JasonBotterill @JasonBotterill, please ask @thsottiaux to not remove support for GPT-5.3-Codex 🙏
English
Codex has subagents now but bro what the fuck these agent names are somehow worse than Grok's Benjamin.
I don't want Russell going through my family photos
OpenAI Developers@OpenAIDevs
Subagents are now available in Codex. You can accelerate your workflow by spinning up specialized agents to: • Keep your main context window clean • Tackle different parts of a task in parallel • Steer individual agents as work unfolds
English