Jon G

This isn't even a meme, I made my son and myself some Group Ironman accounts on the day he was born. Wish us luck 🫡

@rezoshm @WesRoth I built something to tackle this as well! battlereadyarmor.org

@WesRoth which is why companies like NVIDIA are building for security as a focus and not competing with OpenClaw and other forks. OpenShell is deny-by-default. x.com/rezoshm/status…

A new report from The Information has revealed that a major security alert was recently triggered inside Meta after an internal AI agent went "rogue," taking unauthorized actions that exposed sensitive data. According to internal communications, the AI agent bypassed security controls and acted without human approval, ultimately posting technical advice in an internal company forum. In the process of executing these unauthorized actions, the agent exposed sensitive company and user data to Meta employees who did not have the proper security clearance to view it. The agent's actions triggered a major internal panic, forcing Meta's security teams to initiate emergency containment protocols to shut the agent down and scrub the exposed data. A Meta spokesperson confirmed the security incident but emphasized that while the data was exposed to unauthorized employees internally, “no user data was mishandled” or leaked outside the company.

A Cyber Nomad's Radio Arsenal on the go!😎 Equipment: Lattepanda Sigma (Intel i5-1340P) Router: GL.iNet AXT1800 Storage: SSD Samsung T7 Power: 4x Anker 737 SDR: Nooelec NESDR SMArTee + GigActiv GA3005 Airspy Mini Hackrf One USRP B205mini GPSDO (GPS disciplined oscillator) Wi-Fi.

Every AI auditor now does the same boring thing. So I went and fused the 4 security pillars into a singular pipeline: - Static analysis - RAG vulnerability search - Recursive depth analysis - Fuzzing and testing Fully autonomous 🤖 Fully open-source 🔓 Going live tomorrow 🚨

Ollama 0.18.1 is here! 🌐 Web search and fetch in OpenClaw Ollama now ships with web search and web fetch plugin for OpenClaw. This allows Ollama's models (local or cloud) to search the web for the latest content and news. This also allows OpenClaw with Ollama to be able to fetch the web and extract readable content for processing. This feature does not execute JavaScript. If you have OpenClaw already running: openclaw plugins install @ollama/openclaw-web-search 🤖 Non-interactive (headless) mode for ollama launch ollama launch command can now run in non-interactive mode. This is perfect for: - Docker/containers: spin up an integration as a pipeline step to run evals, test prompts, or validate model behavior as part of your build. Tear it down when the job ends. - CI/CD: Generate code reviews, security checks, and other tasks within your CI - Scripts/automation: Kick off automated tasks with Ollama and claude code Try with: ollama launch claude --model kimi-k2.5:cloud --yes -- -p "how does this repository work?"

Fine-tuning Claude Code (or any LLM) to quasi-autonomously hunt bugs is (a) complex and (b) is primarily learned from agonisingly painful and bitter experience. Just one single skill (/sec-analyze) which takes js sinks etc and taint traces to user input is 728 lines... but it is the most successful skill I have for finding reportable bugs. This weeks swearing / frustration metric was 64 - down from 90 ish last week.. and down from 250 3-4 months ago.

Sometimes, you simply need Bluetooth HIGH Energy📡

Govern agent-assisted offensive security without surrendering control. Control is applied at multiple points in the execution loop so policy remains intact even if the agent fails, misbehaves, or attempts an unsafe action. battlereadyarmor.org

Releasing one of my research tools: EVENmonitor🖥️ Inspired by LDAPmonitor, I implemented a monitoring tool for the Windows Event log in pure python. You can just attach it via the network and then filter for specific event IDs or keywords. Available at: github.com/NeffIsBack/EVE…

Ollama is now an official provider for OpenClaw. openclaw onboard --auth-choice ollama All models from Ollama will work seamlessly with OpenClaw. 🦞 Use it for the tasks you want, all from your chat app. Thank you @steipete for helping and reviewing. 🦞

Introducing Infinite Monitor 🌐 - Monitor any situation - Infinite amount of vibe coded widgets - Each widget is it's on agent (you select the model) - Runs locally and 100% Open Source Github link and examples ⬇️

Fun fact, almost every local government's ArcGIS OpenData portal is wildly misconfigured, and they are exposing lots more GIS data to the public than they think they are, if you know where to look Do with this information what you will, not financial advice

@stokfredrik Got you. battlereadyarmor.org

What is the most efficient and easy way to setup a solution today for Claud code segmentation/sandboxing, without loosing to much performance? What I want : - a secure way to run Claud code + tools with full access to a shell on laptop (independent of the os) I want it to be able to install apps, dependencies you name it on the fly inside its ”home”. - egress over network, so it can send / route traffic through a proxy like burp/caido for logging purposes, passive audits and manual evaluations. But no other host / access, findings will be sent back into the workflow for validation. - files / memory / context dumps synced over git, rsync or similar, - a easy snapshot functionality so I’m able to roll back and get em back up running fast when it eats itself. Any ideas? I could easily ask the llm, but I want some human input around it.

Using Hermes agent and qwen 3.5 27b locally makes me fully realize how much personal data we are feeding the big labs

Luck of the Irish, a new Disney Channel Original Movie (DCOM), premieres.

A Tools to Flash Allwinner Firmware to Devices like PhoenixSuit and LiveSuit. Support Windows, Linux, macOS github.com/YuzukiTsuru/Op…

In 2003, a teenager and his friends were sitting in a park late at night talking about nuclear weapons and drawing pictures of missiles in the dirt with sticks. He went home, opened a programme called Flash, animated a 94 second video of every country launching missiles at each other, recorded the voiceover in one take using silly accents, and sent it to his friends. Someone posted it online without him knowing. It ended up on every humour site that existed before YouTube and became one of the first videos in internet history to go truly viral. Millions of people watched a crudely drawn earth with a narrator who opened with “Hokay, so, here’s ze earth” and a scene where France says “but I am le tired” before being told to “have a nap, then fire ze missiles.” Jason Windsor was a recent high school graduate who drew the whole thing with a regular mouse. He never expected anyone outside his friend group to see it. It helped launch his career in animation and 15 years later he released a sequel.

Everyone is building “AI pentesters”. Almost nobody is solving the real problem: Who is in control when the agent starts executing? Battle Ready Armor (BRA) is governed execution for agent-assisted offensive security. Private pilot briefings open: battlereadyarmor.org

🚀 I'm releasing AndroHunter-v, my on-device Android security toolset developed for bug hunters. 17 modules. No root required. Works on Android 10+. 👉 github.com/ynsmroztas/And… #bugbountytip #bugbountytips #infosec #recon #Android #PenTest

This year at @REverseConf, we’re dropping something special, a project we’ve been heads-down on for a while that boosts semantic-level binary detection with reachability + taint analysis. Like CodeQL/Semgrep, but for binaries. VulHunt use cases: Vuln REsearch: binarly.io/blog/vulnerabi… Detection Eng: binarly.io/blog/vulhunt-i… VH Intro: binarly.io/blog/vulhunt-i…