Teri Radichel

CEO 2nd Sight Lab; AWS/cloud security research and education

AI-Powered Pentesting: Presentation with Linked Blog Resources
Social, Apr 13, 2026

I’ve added links to my presentation on how I use AI 🤖 for pentesting 😈 in this post. Most of the slides have a related blog post and I’ll probably write more about all these topics as I research this...

By Teri Radichel
Anthropic Routing Glitch May Cause Intermittent Outages
Social, Apr 13, 2026

A postmortem of three (2025) issues \ Anthropic ~ the issues in this report are from a prior routing issue at Anthropic and recent issues feel similar. This could explain why some users experience the problem and others don’t, if...

By Teri Radichel
Read up Before Using AI on BugCrowd, Avoid Bans
Social, Apr 12, 2026

If you are using AI on BugCrowd better read up so you don’t get banned.

By Teri Radichel
Disable Adaptive Reasoning on Opus & Sonnet via Env Variable
Social, Apr 11, 2026

To disable adaptive reasoning on Opus 4.6 and Sonnet 4.6 and revert to the previous fixed thinking budget, set CLAUDE_CODE_DISABLE_ADAPTIVE_THINKING=1. When disabled, these models use the fixed budget controlled by MAX_THINKING_TOKENS. https://t.co/sPAkOwVB9C

By Teri Radichel
Verizon Service Fails in Palo Alto Hotels and Venues
Social, Apr 11, 2026

Can’t believe how bad @verizon service is in Palo Alto. No DMs. Just letting you know…especially in hotel and at the Sports Page.

By Teri Radichel
Pentesting: Human Insight Over Automated Scanners
Social, Apr 10, 2026

🤖🤖🤖🤖🤖🤖🤖🤖🤖🤖🤖🤖 Pentesting is not a scanner or a fuzzer - whether SAST, DAST, AI, deterministic or non-deterministic. Pentesting is a human * using those tools * to see if they can find a security problem that your teams and tools may...

By Teri Radichel
Faulty Adapter Causes Netgear Hotspot Power Drain
Social, Apr 10, 2026

There seems to be something wrong with power adapter, cable, or software related to that on Netgear hotspots. Same thing happened on newer and older device. They started running out of power to the point they were unusable. Switching to...

By Teri Radichel
Default Shift to Medium Reduces Anthropic Model Performance
Social, Apr 9, 2026

Wonder if this has anything to do with performance degradation of Anthropic models. But are you now paying more for same effort you were getting previously if you change this? • Default Shift: In March 2026, users on Reddit and developer forums...

By Teri Radichel
Secure Accounts by Binding Them to Physical SIMs
Social, Apr 9, 2026

Ties accounts to physical SIMs (not sketchy auto shared seeds and profiles - see my blog).

By Teri Radichel
Vendors Dismiss Quantum Encryption Until Customers Demand It
Social, Apr 8, 2026

I told one vendor I want quantum encryption support in their product last year and they said “Oh, no one’s really asking for that.”

By Teri Radichel
AI Acts Like a Massive Security Fuzzer, Says Expert
Social, Apr 8, 2026

This is not at all surprising to me and is what I have been working on. Last year I told an AWS VP in the security/IAM space that I see AI as a giant fuzzer. Here’s what I don’t like…comments… https://t.co/idhglMQcLQ

By Teri Radichel
Who Monitors DNS on Outdated Mobile Hotspot Devices?
Social, Apr 7, 2026

Who is looking at DNS connections on phones and mobile hotspots like Netgear mobile hotspot devices that haven’t had a software update for two years? Just curious.

By Teri Radichel
Opus 4.6 May Swap Models During Overload
Social, Apr 7, 2026

I had this theory that when Opus 4.6 is overloaded they switch you to another model. It could be when it’s suffering downtime. Just a thought. I’m not sure how anyone could prove this until we have a way...

By Teri Radichel
Outdated Hospital Systems Invite Ransomware, Endanger Patient Care
Social, Apr 7, 2026

I was just listening to an interview on the radio with a person who worked at a hospital. 1. Your cyber insurance makes you a target. They know how much you can pay. 2. Don’t use your backups until you...

By Teri Radichel
Cybersecurity Measures Focus on Activity, Not Threat Reduction
Social, Apr 7, 2026

"I do believe that cybersecurity is fundamentally broken," Payton said. "It's measured in terms of activity instead of reduction of threat surface." Pretty much what I wrote in my book in 2020. Old news but no one seems to be listening. https://t.co/53DAIYfvP1

By Teri Radichel
Iran's Cyber Arsenal Now Targets Critical Infrastructure Worldwide
Social, Apr 7, 2026

Iran has rapidly developed advanced cyber capabilities, evolving from information gathering to conducting destructive, state-linked attacks against critical infrastructure in the U.S., Israel, and the Gulf states. https://t.co/XlKdD8VuZu

By Teri Radichel
AI Revolutionizes Penetration Testing: My Museum Talk
Social, Apr 6, 2026

How I Use AI for Penetration Testing Speaking at the Computer History Museum in Mountain View, CA April 10, 2026 https://t.co/tTRkze5Enp https://t.co/aYFdKg7G78

By Teri Radichel
Researchers Blocked From Anthropic Data; Using Kiro on AWS
Social, Apr 6, 2026

The question I have is, how much of this comes from training on researcher’s data - researchers now blocked from using Anthropic models for further research. One of the reasons I use Kiro on AWS. Speaking about it on Friday...

By Teri Radichel
Model's Code Generation Slows and Becomes Less Accurate
Social, Apr 6, 2026

Exactly. But it’s not just burning tokens. It’s not getting to correct code as quickly as it did in the past for me. Something about the way it gets to the results has changed or at least it does periodically.

By Teri Radichel
Less Reliable Than Fuzzers, Yet Occasionally Luckier
Social, Apr 6, 2026

They are exactly like fuzzers except not as reliable. They can get lucky faster though sometimes.

By Teri Radichel
Verizon Users Face Repeated Drops in Savannah
Social, Apr 5, 2026

What is wrong with @Verizon in Savannah, GA? I am constantly getting kicked off the mobile network here. I have tried different devices. I hope the right person looks into this and fixes it because it’s really annoying. I did...

By Teri Radichel
Valid Finding Reveals Overlooked Cookie Injection Requirement
Social, Apr 5, 2026

The finding is valid but we need to have a cookie injection on the target or its subdomains but I noticed something the AI didn’t notice…yes AI with humans or spend a lot a lot of tokens.

By Teri Radichel
AI Supercharges Productivity, Turning Ideas Into Action
Social, Apr 5, 2026

Really? Because my wheels spin like crazy on AI and now I can actually implement a lot of ideas I didn’t have time for before.

By Teri Radichel
US Government Skips RSAC, Leaving Critical Cybersecurity Gap
Social, Apr 4, 2026

‘Missed opportunity’: US government’s absence from RSAC Conference leaves stark void | Cybersecurity Dive Wish we could set aside politics and work together to defend the home front. 🇺🇸 https://t.co/3b0emOT5nX

By Teri Radichel
AI Will Accelerate Security Skills, Not Require Assembly Mastery
Social, Apr 4, 2026

To me this is like worrying about who is going to write assembly. Yes, you still need people to learn and do it. I have certifications in such things related to reverse engineering malware and advanced pentesting. But does the...

By Teri Radichel
Pay‑as‑you‑go Wins as Software Stocks Tumble
Social, Apr 4, 2026

The pay for what you use model on AWS proves to be the winning model again.

By Teri Radichel
Private VPC Without NAT Blocks Internet Access Securely
Social, Apr 4, 2026

AWS Security Agent-Penetration Testing Overview | by Sena Yakut | AWS in Plain English Was just reading this and pretty good review. If you put in a private VPC no NAT or peering can’t reach Internet which is what you want...

By Teri Radichel
Know When to Stop AI and Debug Manually
Social, Apr 4, 2026

Trying to figure out when to stop the ai 🤖 wheel spinning and when to just investigate manually. Right now I have my whole environment and job management site on the verge of working and tonight Opus 4.6 in Kiro...

By Teri Radichel
AI-Driven Lambda Troubleshooting Auto‑detects Missing VPC Security Group
Social, Apr 3, 2026

This past week I wrote a lambda troubleshooter using the concept on this blog post where it deterministically queries a bunch of logs and sends them to an ai 🤖 agent for analysis and troubleshooting. I had to redact...

By Teri Radichel
AI Ignored Simple Guardrails, Skipped Essential Library Installation
Social, Apr 3, 2026

Today’s AI 🤖 frustrations. Seriously bad at Yubikey implementation. So many things wrong and repeated incorrect analysis, but this one just…. I create a lambda layer because the whole implementation never installs the python FIDO2 library. The only reference to it is...

By Teri Radichel
Prompt Injection Lets Agents Bypass Read‑Only Permissions
Social, Apr 1, 2026

If you are using OpenClaw on AWS or anywhere else please understand the following: > How prompt injection attacks work such as the Copilot attack I just reposted. > Understand indirect prompt injection where the attack is in a calendar invite, email...

By Teri Radichel
Restrict Agent Permissions to Mitigate Data Exfiltration
Social, Apr 1, 2026

Why I am using agents on locked down sandboxes on EC2 instances and still have more to do. I don’t give agents credentials for the most part. The data needs to somehow be exfiltrated and sent back to the attacker....

By Teri Radichel
AI Speeds Tasks, but Still Needs Human Verification
Social, Apr 1, 2026

Please share this with anyone who says they can replace some job category with AI. It’s a tool, not a human replacement. Yes, you can dramatically speed up the process but you cannot trust it. You need to verify the...

By Teri Radichel
Unsolicited Loan Data Leak Exposes Flawed Third‑Party Sharing
Social, Mar 31, 2026

Great. My phone number was found on the dark web in conjunction with a breach of a site I don’t even use. Third party data sharing is not cool. Apparently it is a fintech blockchain HELOC company. Definitely did not...

By Teri Radichel
BeyondTrust Reveals New Token Injection and Exfiltration Vectors
Social, Mar 31, 2026

Where else can the tokens be injected and exfiltrated. This is the original report from BeyondTrust.

By Teri Radichel
Autonomous Agents Risk Malicious Prompts Despite Sandbox Efforts
Social, Mar 31, 2026

This is the type of thing I’m worried about with completely “autonomous” agents only the inclusion of something more malicious than ads. It could be unintentional or via prompt injection. I have some tools that can run while I’m sleeping...

By Teri Radichel
DNS Covert Channel Bypasses AI Guardrails, Enables Remote Shell
Social, Mar 31, 2026

“Specifically, it abuses a hidden DNS-based communication path as a "covert transport mechanism" by encoding information into DNS requests to get around visible AI guardrails. What's more, the same hidden communication path could be used to establish remote shell access...

By Teri Radichel
Chrome's Hidden DNS Checks Spam Traffic, Users Demand Switch
Social, Mar 30, 2026

Is @Google @Chrome using the web sites you are already visiting to make DNS requests as a connectivity check? Not a fan if that is the case. I thought of that related to all the weird DNS traffic I was...

By Teri Radichel
TurboQuant Delivers Lossless AI Model Compression
Social, Mar 29, 2026

TurboQuant: Redefining AI efficiency with extreme compression ~ TurboQuant is a compression method that achieves a high reduction in model size with zero accuracy loss, making it ideal for supporting both key-value (KV) cache compression and vector search. https://t.co/hPZuIZ33Wb

By Teri Radichel
Memory Chip Stocks Lose $100bn as AI Shortage Fades
Social, Mar 29, 2026

Memory chip stocks shed $100bn as AI-driven shortage trade unwinds [TR: Well, whole market is tanking for other reasons, but aligns with my blog post on the over aggressive land grab for data centers ~ with an AI generated pic...

By Teri Radichel
Iterative AI Refinement Beats One‑shot Predictions
Social, Mar 28, 2026

Was looking into this again and different news outlets tried this out. 🤖 The same model isn’t even picking the same winner every time. For WSJ Claude picked Illinois to win it all. For Yahoo Claude picked Arizona. I found...

By Teri Radichel
US Puts $10M Bounty on Iranian IOControl Hackers
Social, Mar 27, 2026

US offering $10 million for info on Iranian hackers behind IOControl malware | The Record from Recorded Future News https://t.co/2wnlp84kjx

By Teri Radichel
iOS 26.4 and iPadOS 26.4 Patch Numerous
Social, Mar 27, 2026

A lot of security vulns addressed in this update About the security content of iOS 26.4 and iPadOS 26.4 - Apple Support https://t.co/R0oUJMKheX

By Teri Radichel
Clear File Organization May Boost AI Token Efficiency
Social, Mar 27, 2026

I was reading about optimizing AI 🤖 token usage with memory pointers and I’m wondering if I am already doing that by design and the explanation is more complicated than it needs to be. Need to test it out more....

By Teri Radichel
AWS Adopts Quantum‑safe Crypto; Start Preparing Now
Social, Mar 27, 2026

For those who are not yet worried about quantum cryptography…should start thinking about it. AWS already uses quantum safe cryptography in many of its services.

By Teri Radichel
Top Apps and Enterprises Leverage LangChain for AI
Social, Mar 27, 2026

I asked Google aimode who is using LangChain. Popular Apps & Tools Built with LangChain •Cursor: An AI-powered code editor that uses LangChain’s orchestration to help developers write, debug, and understand code through smart autocompletion. •Perplexity: An AI "answer engine" that leverages web...

By Teri Radichel
Chrome Silently Generates DNS Requests for Every Site
Social, Mar 26, 2026

I just wrote this post about DNS leaks and tunnels. So today I go to visit a web are and my host-based firewall is popping up repeatedly connection attempts to the website like it’s beaconing to maintain a connection. So...

By Teri Radichel
Kiro Model Deviates From Instructions Even with Claude Opus
Social, Mar 25, 2026

What is going on with Kiro model today. Not following instructions precisely. Using Claude opus supposedly,

By Teri Radichel
Check Kiro CLI: Ensure Correct Model Is Served
Social, Mar 25, 2026

Whoever is responsible for checking to see if the right model is being served up in Kiro CLI needs to take a look right now.

By Teri Radichel