AI Code Tools Still Need Rigorous Human Verification
Anyone using Claude Code this week and counting on it for analysis, double-check all output and recheck that it's doing things. Even with markdown-based checklists and hard gates to verify it has run on certain things, Opus has flat-out lied about completing tasks to save time 5-6 times this week for projects. Just FYI.
Mythos Brings Scalable Security, Not Full VM Replacement
I’m excited about Mythos. We have been asking for scale in security for years and we are getting glimpses of it. I sincerely doubt it will replace all of vulnerability management or vulnerability research but it probably will do a...
RSA 2026: AI, Agents, and Security Reality Check
New Executive Offense: "RSA 2026: Hot Takes on AI, Agents, and Offensive Security Reality Checks" (This one is more of an opinion piece but hope you enjoy it 🫶 ) https://t.co/pMeHfOXfex
Frontier AI API Costs $100‑200 Daily for Power Users
*things* I'm musing on today: I talked to a *bunch* of friends at frontier AI labs over dinners this last week at RSA. One undertone that kept coming up was that the *max* plans for all frontier labs are not meant...
Prompt Engineering Is the Real Power Behind Agents
One thing the big leak today proves is how fucking important prompting is to an agent framework. Stop telling people it’s not. Some of the biggest current and yet to be released features are not code but prompts. Meticulously...
Anthropic AI Lacks Open Researcher Verification, Causing Refusals
. @AnthropicAI has stated previously that they want to work with the security research community. Other than the fellow program (a paid, exclusive program), where is the sign-up to prove you are a legitimate researcher, verify your identity, and report...
Litellm Breach Pales Beside Worse AI Supply Chain Threats
the litellm compromise is bad… But you’d 🤮 if you’ve seen some of the stuff in the AI supply chain I’ve seen 🫠
Demand Thorough Evaluations Before Buying AI Security Tools
RE: Agentic security testing claims Buyer beware. Make vendors provide you evals for their claims. Describe architecture. Prove workflows. Define models and tuning. Cite data sources. Provide references and case studies. Then buy 🤗

Speed Up Pen‑Test Remediation with PlexTrac’s Automated Workflow
(Sponsor) If pentest reporting takes weeks, remediation stalls. ⏱️ PlexTrac replaces spreadsheet tracking with a findings-to-fix workflow and exec-ready reporting. See Demo: https://t.co/NuE4kH3FXK https://t.co/DbP8Xmotdx

GraySwanAI Launches Real-World AI Safeguards Challenge
AI safeguards shouldn’t just sound good, they should hold up under pressure. @GraySwanAI is putting them to the test with the Safeguards Challenge: real prompts, real attacks, real failures. Think you can break them (or prove they work)? We will be playing...
Combine Naabu and Nmap for Depth, Simplicity, Speed
Port scanners ranked after 15+ years:
Nmap → depth
Naabu → simplicity
RustScan → speed
Pro tip: naabu -nmap-cli gives you best of both
🔗 https://t.co/8qHOyCzgAg | https://t.co/LFDCFb3Rgg | https://t.co/d56KN90GG9 https://t.co/WGqy7g65sd
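To show what the `-nmap-cli` hand-off in the post above actually does, here is the same two-stage flow done by hand: naabu finds open ports quickly, then nmap gets only those ports for service detection. This is an added example, not code from the post or from the naabu project. It assumes naabu's `-json` output is one object per line with "host", "ip" and "port" fields (the sample below is constructed, not a real scan, and the field layout should be checked against your naabu version), and it uses sed/awk rather than jq so it runs anywhere.

```shell
#!/bin/sh
# Added example: manual equivalent of `naabu -nmap-cli 'nmap -sV'`.
# Assumption: naabu -json emits one JSON object per line with "host", "ip" and "port".

# Constructed sample of naabu -json output (not a real scan). Port 80 is listed twice
# on purpose to show that the follow-up nmap invocation deduplicates ports.
SAMPLE_NAABU_JSON='{"host":"target.example","ip":"192.0.2.10","port":22}
{"host":"target.example","ip":"192.0.2.10","port":80}
{"host":"target.example","ip":"192.0.2.10","port":443}
{"host":"target.example","ip":"192.0.2.10","port":80}
{"host":"other.example","ip":"192.0.2.11","port":8443}'

# ports_for_ip <ip>: read naabu JSON lines on stdin and print the sorted, unique open
# ports for <ip> as a comma-separated list in the form nmap -p expects.
ports_for_ip() {
    want_ip="$1"
    # Pull "ip" and "port" out of each line with sed only, so no jq dependency.
    sed -n 's/.*"ip":"\([^"]*\)".*"port":\([0-9]*\).*/\1 \2/p' \
        | awk -v want="$want_ip" '$1 == want { print $2 }' \
        | sort -n -u \
        | paste -s -d, -
}

# nmap_cmd_for_ip <ip>: build the per-host nmap command line. This is the shape of the
# command naabu hands to nmap when you pass -nmap-cli 'nmap -sV'. Returns 1 (and prints
# nothing) when naabu found no open ports for the host, so nothing is scanned blindly.
nmap_cmd_for_ip() {
    ports=$(ports_for_ip "$1")
    [ -n "$ports" ] || return 1
    printf 'nmap -sV -p %s %s\n' "$ports" "$1"
}

# unique_ips: list every IP naabu reported, once each.
unique_ips() {
    sed -n 's/.*"ip":"\([^"]*\)".*/\1/p' | sort -u
}

# Stand-alone run: one nmap command per host, like -nmap-cli does.
printf '%s\n' "$SAMPLE_NAABU_JSON" | unique_ips | while read -r ip; do
    printf '%s\n' "$SAMPLE_NAABU_JSON" | nmap_cmd_for_ip "$ip"
done
```

On a real engagement the first stage is `naabu -host target.example -json` piped into the functions above, or simply `naabu -host target.example -nmap-cli 'nmap -sV'` as the post suggests; the manual version is useful when you want to review the port list before nmap touches the host.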
CLI‑enabled Agents Risk Identity‑changing Prompt Injections
With autonomous agents who have access to the command line, like Claude Code and Open Claw, you don't only have to worry about prompt injection that executes commands and operations, but you also have to worry about prompt injection that...
VPS as Reliable Fallback for Browser‑Only Tasks
Why not a VPS for Molt? In my use cases, research and testing, sometimes fetch and browser tools are blocked by anti-bot tech, or there is some workflow that doesn't have an API.... it's purely browser driven. With cui and...

Gain Real Visibility Over Fast‑Moving Agentic AI
Agentic AI is moving fast and most teams lack visibility into what’s actually happening. Meet our sponsor for this week's newsletter: @harmonicsec ! Harmonic Security’s MCP Gateway is a lightweight, developer-friendly gateway that gives security teams real visibility...
Claude Extension Serves as Fallback when Browsers Blocked
When you don't have a Skill/MCP, a headless browser is blocked, curl and fetch are blocked... the Claude extension is a slow but serviceable backup.