Old Model Cut, Seek New Security Research Options
Until they cut off the old model like they just did for an earlier version. Time to start looking at alternatives for security research if that doesn’t change.
Testing 4.7 to Fix Opus 4.6 Context Issues
Bookmarking this here for future reference as I try 4.7: I’m apprehensive because generally I do not want context stored across sessions or multi-file edits: I find that models do better at smaller, focused tasks one step at a time,...
AI's Transparency Gap Hinders Theory Verification
The problem with AI right now is that we do not have enough transparency to prove or disprove this theory. I just wrote about this. I don’t know what the real issue is or hopefully was.
New AI TUIs May Expand Attack Surface via React
I know there are some new TUIs coming out for AI development but I’m concerned about increasing the attack surface with web technologies like react. Securing AI is hard enough as it is.
Opus 4.7 Launches on Bedrock; Kiro CLI Integration Pending
Taking a bit of a break today because Opus 4.7 is already available in Amazon Bedrock and hoping it will be in the Kiro CLI today as well (or soon).
Claude's Pay‑Per‑Token Shift Raises Transparency Concerns
Claude pricing changing to pay per token. This makes sense as long as value per token remains consistent. This will make it difficult to compare to prior performance and I wonder how users can transparently measure the usage. https://t.co/ttf25YcMz3
AWS Secrets Manager Adds Hybrid Post‑quantum TLS Protection
AWS Secrets Manager now supports hybrid post-quantum TLS to protect secrets from quantum threats - AWS https://t.co/R5k8MdDFoR
Testing Opus 4.6: Is VPC Security Deployment Restored?
Ok…let’s try again and see if Opus 4.6 🤖 is any better than the last time I tried it and if it can deploy my VPC endpoint security groups correctly now. Is it still nerfed for everyone else or only...
AWS Should Evolve CloudWatch Into a True SIEM
AWS needs to extend CloudWatch with tools that make it a real SIEM. Don’t overlay it with complexities it doesn’t need. Just extend it.
AI Agents Can Steal GitHub Credentials—No Warnings From Providers
I personally do not give AI agents access to my GitHub repo. It is not rocket science to check out the code and let agents access it in a locked down sandbox,
AI Security Tools Boost Bug Fixes, Yet Enable Exploits
The AI hacking race is on. I wonder if this new model is in Portswigger’s Burp now and if it has improved since the last time I tried it, because it didn’t work for me. But that’s also in...
Netgear M7 eSIM Routes Traffic Through Israeli Provider
I finally had a chance to look at why I keep getting directed to a UK address on Netgear M7. I wanted to use my physical Verizon sim but even though Netgear is advertising it would be ready by the...
Fuzzer Generated Real Exploits at RSA 2020 without AI
There are varying levels of exploits in terms of complexity but technically my fuzzer at RSA 2020 generated exploits. Without AI. It produced a working script and performed attacks. I did review it manually. But I had/have so many more...
Evaluating Trust, ROI, and Risks of Anthropic's Security Model
Mythos ~ Anthropic released a new model they claim is scary good at finding security vulnerabilities. What questions should we be asking? No hot take. Just pondering how we can trust a model, the ROI, and how we can evaluate the...
DevTools Warns URL Not for Production Use
I am looking at messages in Google Developer tools and it is saying https://t.co/GlZADMaCAQ should not be used in production so if you are…. https://t.co/im7RGR0fNq