The security vulnerability we found in Perplexity’s Comet browser this summer is not an isolated issue. Indirect prompt injections are a systemic problem facing Comet and other AI-powered browsers. Today we’re publishing details on more security vulnerabilities we uncovered.

"Some people will try to convince you that prompt injection attacks can be solved using more AI to detect the attacks. This does not work 100% reliably, which means it’s not a useful security defense at all. The only solution that’s credible is to run coding agents in a

The best thing I've read in months. Outstanding research.

The HackingTeam is back! New name, new malware, new exploits securelist.com/forumtroll-apt…

This is also a good example of how where AI provides productivity gains is tempered by the end-to-end process involved in delivering the outcome. A systems-oriented understanding of end-to-end process is required to understand how/where to best apply AI to speed up end result.

x.com/i/article/1986…

When Dan Geer writes, you read it and ultrathink about it: "Indeterminism" computer.org/csdl/magazine/…

It’s almost time for my BSides Cape Town talk, and I’ve just open sourced pipetap. My Windows named pipe proxy & multi-tool. Excited to see what you do with it! github.com/sensepost/pipe…

x.com/i/article/1997…

Two blog posts just dropped - one with the details on the bloatware pwning shenanigans I was up to earlier in the year, and another on pipetap, a new Windows named pipe proxy/tool. sensepost.com/blog/2025/pwni… sensepost.com/blog/2025/pipe…

This is some must-read research where RyotaK repeatedly destroys Claude Code's permission model.

Blog post: On the Coming Industrialisation of Exploit Generation with LLMs sean.heelan.io/2026/01/18/on-… TL;DR: I ran an experiment with GPT-5.2 and Opus 4.5 based agents to generate exploits for a zeroday QuickJS bug. They're pretty good at it. Code: github.com/SeanHeelan/ana…

Binary obfuscation in 2026: Just put ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FA... into your program 😎

We ported a complete Matrix homeserver to Cloudflare Workers. No servers. No databases to manage. Just encrypted messaging running at the edge—with post-quantum cryptography protecting every connection. cfl.re/4r5vDIg

We took and brought it to Cloudflare Workers! With the Sandbox SDK, it's secure by default. Check out the blog post to learn how it all fits together... Or skip straight to deploying 😎⬇️ github.com/cloudflare/mol…

A bit more context e.g. from Simon simonwillison.net/2026/Jan/30/mo… just wow

If you are considering taking a job offer, you may want to ask what your token budget will be.

Good piece here that sums up my views about the “Something Big Is Happening” essay. davidoks.blog/p/why-im-not-w…

Prediction: In the AI age, taste will become even more important. When anyone can make anything, the big differentiator is what you choose to make. paulgraham.com/taste.html

Short musings on "cognitive debt" - I'm seeing this in my own work, where excessive unreviewed AI-generated code leads me to lose a firm mental model of what I've built, which then makes it harder to confidently make future decisions simonwillison.net/2026/Feb/15/co…