Jason Haddix


Jason Haddix is an application security and bug bounty expert (former Bugcrowd exec) who shares knowledge on penetration testing and web app security.

Parallel AI Agents and Result Aggregation Boost Offensive Success
Social · Apr 24, 2026

Sometimes success of using AI agents for offense is using them in multiple or parallel rounds. With different models. And aggregating the results.

By Jason Haddix
Synthetic Data Promises Massive Leap over Fuzzing DBs
Social · Apr 23, 2026

We've dabbled with agents and models using large fuzzing DBs as context. It was good. We are moving to tuning and training with synthetic data soon. Based on some experiments it's gonna be epic. Synthetic data generated on private methodology...

By Jason Haddix
Continuous Identity Exposure Monitoring Stops Credential‑Based Breaches
Social · Apr 22, 2026

Most security programs are sleeping on Identity Exposure Management, and hackers are cashing in. The fastest path into an environment is almost always a leaked credential or a stolen session cookie sitting in an infostealer log. MFA doesn't help when...

By Jason Haddix
AI Hits Inflection Point: Models Ready for Deep Research
Social · Apr 20, 2026

The model inflection point is around the corner. Minimax, GLM, and Kimi are performing at Opus 4.5 golden-days levels. Tbh that's the point where I felt AI could really offload and help with in-depth research and dev. Excited.

By Jason Haddix
AI Code Tools Still Need Rigorous Human Verification
Social · Apr 11, 2026

Anyone using Claude Code this week and counting on it for analysis, double-check all output and recheck that it's doing things. Even with markdown-based checklists and hard gates to verify it has run on certain things, Opus has flat-out lied...

By Jason Haddix
Mythos Brings Scalable Security, Not Full VM Replacement
Social · Apr 9, 2026

I’m excited about Mythos. We have been asking for scale in security for years and we are getting glimpses of it. I sincerely doubt it will replace all of vulnerability management or vulnerability research but it probably will do a...

By Jason Haddix
RSA 2026: AI, Agents, and Security Reality Check
Social · Apr 2, 2026

New Executive Offense: "RSA 2026: Hot Takes on AI, Agents, and Offensive Security Reality Checks" (This one is more of an opinion piece but hope you enjoy it 🫶 ) https://t.co/pMeHfOXfex

By Jason Haddix
Frontier AI API Costs $100‑200 Daily for Power Users
Social · Apr 1, 2026

*things* I'm musing on today: I talked to a *bunch* of friends at frontier AI labs over dinners this last week at RSA. One undertone that kept coming up was that the *max* plans for all frontier labs are not meant...

By Jason Haddix
Prompt Engineering Is the Real Power Behind Agents
Social · Mar 31, 2026

One thing the big leak today proves is how fucking important prompting is to an agent framework. Stop telling people it’s not. Some of the biggest current and yet to be released features are not code but prompts. Meticulously...

By Jason Haddix
Anthropic AI Lacks Open Researcher Verification, Causing Refusals
Social · Mar 27, 2026

. @AnthropicAI has stated previously that they want to work with the security research community. Other than the fellow program (a paid, exclusive program), where is the sign-up to prove you are a legitimate researcher, verify your identity, and report...

By Jason Haddix
Litellm Breach Pales Beside Worse AI Supply Chain Threats
Social · Mar 24, 2026

the litellm compromise is bad… But you’d 🤮 if you’ve seen some of the stuff in the AI supply chain I’ve seen 🫠

By Jason Haddix
Demand Thorough Evaluations Before Buying AI Security Tools
Social · Mar 10, 2026

RE: Agentic security testing claims Buyer beware. Make vendors provide you evals for their claims. Describe architecture. Prove workflows. Define models and tuning. Cite data sources. Provide references and case studies. Then buy 🤗

By Jason Haddix
Speed Up Pen‑Test Remediation with PlexTrac’s Automated Workflow
Social · Feb 26, 2026

(Sponsor) If pentest reporting takes weeks, remediation stalls.  ⏱️ PlexTrac replaces spreadsheet tracking with a findings-to-fix workflow and exec-ready reporting. See Demo: https://t.co/NuE4kH3FXK https://t.co/DbP8Xmotdx

By Jason Haddix
GraySwanAI Launches Real-World AI Safeguards Challenge
Social · Feb 20, 2026

AI safeguards shouldn’t just sound good, they should hold up under pressure. @GraySwanAI is putting them to the test with the Safeguards Challenge: real prompts, real attacks, real failures. Think you can break them (or prove they work)? We will be playing...

By Jason Haddix