john (@xpirabit) 's Twitter Profile
john

@xpirabit

security dude | ex @sensepost

ID: 2311578024

calendar_today26-01-2014 09:50:19

202 Tweet

761 Followers

774 Following

Brave (@brave) 's Twitter Profile Photo

The security vulnerability we found in Perplexity’s Comet browser this summer is not an isolated issue. Indirect prompt injections are a systemic problem facing Comet and other AI-powered browsers. Today we’re publishing details on more security vulnerabilities we uncovered.

Dino A. Dai Zovi (@dinodaizovi) 's Twitter Profile Photo

"Some people will try to convince you that prompt injection attacks can be solved using more AI to detect the attacks. This does not work 100% reliably, which means it’s not a useful security defense at all. The only solution that’s credible is to run coding agents in a

Dino A. Dai Zovi (@dinodaizovi) 's Twitter Profile Photo

This is also a good example of how where AI provides productivity gains is tempered by the end-to-end process involved in delivering the outcome. A systems-oriented understanding of end-to-end process is required to understand how/where to best apply AI to speed up end result.

_leon_jacobs(💥) (@leonjza) 's Twitter Profile Photo

It’s almost time for my BSides Cape Town talk, and I’ve just open sourced pipetap. My Windows named pipe proxy & multi-tool. Excited to see what you do with it! github.com/sensepost/pipe…

_leon_jacobs(💥) (@leonjza) 's Twitter Profile Photo

Two blog posts just dropped - one with the details on the bloatware pwning shenanigans I was up to earlier in the year, and another on pipetap, a new Windows named pipe proxy/tool. sensepost.com/blog/2025/pwni… sensepost.com/blog/2025/pipe…

Two blog posts just dropped - one with the details on the bloatware pwning shenanigans I was up to earlier in the year, and another on pipetap, a new Windows named pipe proxy/tool.

sensepost.com/blog/2025/pwni…

sensepost.com/blog/2025/pipe…
Sean Heelan (@seanhn) 's Twitter Profile Photo

Blog post: On the Coming Industrialisation of Exploit Generation with LLMs sean.heelan.io/2026/01/18/on-… TL;DR: I ran an experiment with GPT-5.2 and Opus 4.5 based agents to generate exploits for a zeroday QuickJS bug. They're pretty good at it. Code: github.com/SeanHeelan/ana…

Cloudflare (@cloudflare) 's Twitter Profile Photo

We ported a complete Matrix homeserver to Cloudflare Workers. No servers. No databases to manage. Just encrypted messaging running at the edge—with post-quantum cryptography protecting every connection. cfl.re/4r5vDIg

Cloudflare Developers (@cloudflaredev) 's Twitter Profile Photo

We took and brought it to Cloudflare Workers! With the Sandbox SDK, it's secure by default. Check out the blog post to learn how it all fits together... Or skip straight to deploying 😎⬇️ github.com/cloudflare/mol…

Sam Bowman (@s8mb) 's Twitter Profile Photo

Good piece here that sums up my views about the “Something Big Is Happening” essay. davidoks.blog/p/why-im-not-w…

Paul Graham (@paulg) 's Twitter Profile Photo

Prediction: In the AI age, taste will become even more important. When anyone can make anything, the big differentiator is what you choose to make. paulgraham.com/taste.html

Simon Willison (@simonw) 's Twitter Profile Photo

Short musings on "cognitive debt" - I'm seeing this in my own work, where excessive unreviewed AI-generated code leads me to lose a firm mental model of what I've built, which then makes it harder to confidently make future decisions simonwillison.net/2026/Feb/15/co…