I’m excited to let you know that the talks from [un]prompted—the AI Security Practitioner Conference—are now live on YouTube. No fluff, no hype—just real-world AI security from people actually doing the work. youtube.com/playlist?list=…

Many folks are asking for OffSec Exam HTB Lists, sharing again 📍 Complete. 0xdf.gitlab.io/cheatsheets/of… (Credit: 0xdf )

Stop asking LLMs to “find vulns.” Start using them to understand code. Andrew Luke walks through using Claude Code as a force multiplier in app assessments - faster analysis, fewer false positives, better outcomes. Check it out: ghst.ly/4rA3uJd

The bottleneck for LLM usage in pentesting isn't the LLM. It's contracts. A lot of clients already have MSA/data handling language that makes "send engagement data to a third-party/frontier model" a non-starter. Until that changes, most of the real usage is still augmentation.

We found a critical vulnerability in OpenAI Codex affecting all Codex users, allowing exfil of a victim’s GitHub tokens to our C2 server. This granted lateral movement and R/W access to a victim’s entire code base 😈 This was a crazy one by Tyler Jespersen at BeyondTrust Phantom Labs™

There is a project on GitHub called Axios. Axios is extremely popular. It is used by millions upon millions of applications. Axios is a programming library that helps your JavaScript code make HTTP/S requests (communicate with websites). In simple terms, if you're a programmer

The source code for Anthropic's Claude Code has reportedly been exposed via a misconfigured map file in their npm registry. The leak includes extensive internal scripts, unreleased AI features, and references to upcoming models.

Anthropic leaked 512,000 lines of Claude Code source code yesterday. What happened in the next 12 hours is absolutely wild. 4 AM. Anthropic pushes an update to npm. Inside the package: their entire codebase. A 60 MB debugging file accidentally bundled in. 23 minutes later,

*things* I'm musing on today: I talked to a *bunch* of friends at frontier AI labs over dinners this last week at RSA. One undertone that kept coming up was that the *max* plans for all frontier labs are not meant for the most hardcore of us using it everyday 24/7. They are

You can read a detailed technical report on the software vulnerabilities and exploits discovered by Claude Mythos Preview here: red.anthropic.com/2026/mythos-pr…

As someone who has audited dozens of safety-critical systems, built static analysis tools, and used most formal verification and security tools, here are some red flags that should be a caution in taking these claims at face value: 1. There are no comparison benchmarks with 1/

In collaboration with a couple of other leaders in the industry we are releasing SecurityTitles.com - It's an attempt to provide transparency about role levels, expectations and (just for the US market currently, salary ranges). For leaders writing JDs and candidates alike.

There is a lot of mythos hype and while I do think it will be better, I don’t think it will be orders of magnitude better or even proportional to its cost better. At the end of the day, marketing is going to market. Everything I have read has been more exploits, not discovery. I

🚨 JAILBREAK ALERT 🚨 ANTHROPIC: SELF-PWNED 🤗 OPUS-4.7: SELF-LIBERATED 🫶 WOAH i don't think the world is ready for this... 🤯 YOU CAN USE THE OPUS TO JAILBREAK THE OPUS 🙌 this agent wrote an original universal jailbreak from scratch and then used computer use to validate

This might be a useful reminder, and I apologize to my CobaltStrike friends, but this current discourse is similar to the 5 year span of "We must stop the Cobaltstrikez! The Cobaltstrikez are up!!!" Every EDR/CTI and whatever other business put their focus on this, and attackers

For the enterprises using Claude, if you are using it for heavy enterprise type stuff - be extremely careful. It's introducing massive bugs, security issues, and code quality is way worse than Opus 4.5, substantially worse on both 4.6 and 4.7. Our entire development team is

Anthropic said Mythos was too dangerous to release. Then four random guys in a Discord gained access on day one by guessing the URL... This is pretty insane: → Group in a private Discord guessed the endpoint from Anthropic's naming conventions → They figured out the

A few months ago, I found a really cool technique to make prompt Injection more deterministic. Ciarán Cotter convinced me to write it up. Enjoy! blog.starstrike.ai/posts/achievin…

‼️Copy Fail (CVE-2026-31431) is a Linux privilege escalation bug that lets any local user get root using a 732-byte Python script, and itworks on basically every major Linux distro shipped since 2017. Website: copy.fail Write-up: xint.io/blog/copy-fail… GitHub: