"If you have an application that needs public randomness, [the League of Entropy] is the best place to go today" - Joseph Bonneau has spoken. As he presented at Real World Crypto, RANDAO is broken and VDFs are still new and spooky. Just use drand!

Trying to get your case dismissed by making a claim that your bot/product has First Amendment rights is an odd flex, and the way they had to word it to attempt to make legal sense blames the victim. Thankfully, the case wasn’t dismissed. scholarblogs.emory.edu/proflawrence/f…

Join tmlxs and me at Black Hat this year for Hack to the Future. This isn't a prompt injection talk. This is about the hidden dangers of deploying these tools in your environments and the potentially devastating vulnerabilities that can result. blackhat.com/us-25/briefing…

Gotta love Slack’s UI that keeps presenting this to me and no matter how many times I click the “Not now” it stays on the screen. Seriously, I don’t need a summary of “Sounds good” Hounding users to use AI features they don’t want or need is the new normal.

🔥 New blog post: AI ClickFix! Explores how classic ClickFix social engineering attacks can target AI agents, like Claude Computer-Use. Learn what ClickFix is, how it works in detail, and see a working proof-of-concept. Scary stuff. 👇

New essay up on my RACE TRACK site. Why You Can’t Find Anything to Watch You’re Not “The Audience” Anymore When the focus on box office sales and TV ratings shifted to a focus on subscription volume and user scaling, “the audience” changed from individual views to streaming

I’m convinced that YouTube shorts are basically cognitive bath salts, a fast track to brain rot. Their popularity speaks to a direction in our culture and our acceptance of the slopification of everything.

When I started warning about this issue over 2 years ago, people rolled their eyes. If you think cognitive atrophy is bad, wait until cognitive non-development happens, where kids fail to fully develop things like executive functions.

Pure slop. trib.al/8z26G5B

I have noticed two things about the rise of LLMs in social media/marketing that may not be immediately obvious that I felt were worth mentioning. The first is that everything is overhyped. Because the LLMs are trained to be "excited" or "impressed" they are always overly 1/11

In October, 2021, we released 4.0.3 of the OWASP ASVS Standard. This release marked the start of the Vanilla Ice (or 5.0 as everyone else called it) release. A major rethink about how we use the standard and with feedback from the community.

Of course it is, because that’s just what we do now. The fact that this has become a normal thing should be horrifying.

This is great and important work, and I’m glad these folks are on the case.

“The hype has led to a new form of software development that appears to be more like casting a spell than developing software.” This is long before the term Vibe Coding was coined. I wrote this article back in 2023, and it still holds up. perilous.tech/2023/07/31/the…

I seem to remember being promised cures for cancer and the elimination of human suffering. What we are getting instead is more surreal than a Dali painting.

Made a YouTube playlist of recordings of my talks and podcasts. To be honest many aren't great, but they may help follow the slides. For the cryptography history nerds, there’s even some vintage content (hello, PHC era). youtube.com/playlist?list=…

The reframing of AI hallucinations as "formatting issues" is not a move I saw coming. Classic example of reframing an issue to reduce its perceived importance. futurism.com/ai-slop-scanda…

“Engineers in Noida and Bangalore manually coded client projects while being instructed to mimic AI-generated responses.” It’s not only deception, it’s dehumanization, which is the inevitable result of turning humans into machines.