mayank

@giovignone what was the issue? the only one i found by octane security was this medium issue -- [TBD][486506202] Medium CVE-2026-5888: Uninitialized Use in WebCodecs. Reported by Identified by the Octane Security Team: Giovanni Vignone, Paolo Gentry, Robert van Eijk on 2026-02-22

A couple months back, the team and I were debating what was our most commonly used piece of software. We landed on Chromium. So we wanted to see if we could find live vulnerabilities in it with our AI. Today, I'm excited to share that not only did our AI find a live vulnerability in Chromium – which powers Google Chrome, Brave, Microsoft Edge, and other browsers – but we also found live bugs in Safari and Firefox. You can also find Octane Security in Chrome's latest stable release: chromereleases.googleblog.com/2026/04/stable… Check out the video for the details...

ultimately, i see security professionals only getting supercharged instead of replaced as an effect of ai. like with many disciplines, human in the loop is the best strategy moving forward.

if a competent security professional has looked at your application, you can be reasonably sure all the important threats have been made visible. but if you simply replace the human with ai, you'll always be concerned whether it missed anything.

it's true that often times, the ai will find the same bugs as a security engineer. so you may be tempted to simply replace your security org with llms. however, the problem with this is, ai doesn't provide *security assurance*

@gadievron thank you for letting me know, i'll cancel my registration and wait for the talks to be released

@exec_mayank No?

Unprompted update: We’re at 700 attendees live and 300 online. And the people coming range from CISOs to researchers to top level officials. This has exploded beyond anything we could have imagined.

@gadievron thank you! is there a benefit to registering for the online version if i won't be able to watch the live events anyways?

@exec_mayank Yes

published my threat modeling notes that i created while preparing for various security engineering interviews, including the one at amazon:

@george__mack it isn't that simple — everyone knows about computer viruses, but that term does nothing. software is complex, and so is dealing with it. being security conscious with every piece of software is too much work, and humans are lazy.

How to fix a $220 billion industry -- with $0 and a reframe.

@elidourado 2.4% for march. there's 20 more days remaining in april, i'm sure there will be more things that will offset the inflation increasing tariff concerns you're worried about and it will still go down (or atleast not go up)

@exec_mayank March is ancient history

I have mostly come to terms with a deep recession. It’s sad that there will be so much suffering, but my family will be fine. My concern at this point is that there are worse things than a recession, and we may get them. We are playing with fire.

@elidourado we'll have the exact number for march tomorrow, but this data says otherwise

@exec_mayank Inflation is not going down

@cplearns2h4ck now this is a great way to use MCPs

Claude 3.7 + IDA MCP automatically reverse engineers Windows driver ctf I wrote without symbols(p1, p2). Proceeds to create structures and recreates source code(p3) with extreme accuracy compared to original source(p4). ~3mins fully automated

@ImposeCost why are we talking about non-repudiation vs accuracy

@mathtick @linknyte @bestniggy this shouldn't be public. there's some PII within it.

@linknyte @exec_mayank @bestniggy drive.proton.me/urls/HHV8V69TNG it's pwd protected ... no idea if anyone grabbed the data. Should be decentralizd I think unless like it's literally criminal to distribute it. Presumably it's public as all things like this should be.

nyu website (nyu<dot>edu) hacked as a protest against illegal racial affirmative action. still hasn't been fixed after 2 hours; hack claimed by @bestniggy

@0xMatt If you're available for more young people to mentor who are just getting in the cybersecurity industry, I'd love to get advice from you!

@qtnx_ rose-pine-moon is great for working at nights

We pay people well, we want them to win But we are a sports team not a family