Gadi Evron

יש גם. שנים האחרונות את הטרנד של סדרות טלוויזיה wholesome בסגנון של Ted Lasso. אין לי דוגמא טובה מפנטזיה פרט לa wizard’s guide to defensive baking וזה מרגיש לי stretch

I have questions about pineapple, though.

אני מכור לlitrpg שבו אין באמת חשש לחיי הדמות, קונפליקט מהותי, והכל סובב את הגדילה או אפילו הpower creep של הE4. באופן דומה (קונספטואלית) יש את מי שממש פאנס של הרומן הרומנטי, שבו ידוע כיצד הכל יסתיים ושהם יהיו ביחד, רק צריך לראות איך.

Thank you Jim Reavis, Illena Armstrong, John Yeoh, Caleb Sima, and the rest of the team! I look forward to working together, pushing the world forward.

And thank you to the Knostic board for supporting me in this advisory endeavor.

I always appreciate the opportunity to volunteer, especially when CEOing. My commitment to the community couldn’t be served better than by joining the Cloud Security Alliance as CISO-in-Residence for AI security. I’ll also be facilitating CISO community organization and relationships.

Prompt||GTFO #2 | July 24, 2025 - YouTube The Prompt Pit with host Gadi Evron is an AI practical security conversation with a focus on sharing actual stuff. In a world of vibe slop, we're taking AI b...

Videos for Promp||GTFO are out for event #2:
www.youtube.com/playlist?lis...

We'll be back for another round on August 14th, post hacker summer camp, but likely only for a couple of episodes before we finish the season.

“A rebellious, charming, hacker.”
Codebreaker, by Jay Martel, as spied at Barnes & Noble.

We’re rebellious and charming, just to make sure all y’all know.

Critical Vulnerability in AI “Vibe Coding” platform Base44 | Wiz Blog New discovery underscores security implications of AI-powered development and the rise of “Vibe Coding” Platforms.

This is my *Pikachu surprised face*

www.wiz.io/blog/critica...

pupp13 award updates! As the nominees for Vegas Summer Camp are truly good dogs, we've decided to create stickers for each and every of them.

Below is the first sample, my puppy, Shadow "Sniffer". Hacker handle: shad0w.

Inspiration: MSRC

Prompt||GTFO #3: The Fellowship of the Pit **We're closing in on the end of the season, where Prompt||GTFO will take a break. Submit your talk soon.** Welcome to the Prompt Pit, where in a world of vibe slop, we're taking AI back from the mark...

We're back for the third iteration of Prompt||GTFO! Let's take AI back from the marketers.

Join us this Thursday (July 31st)!

Register:
forms.gle/iV1yUTHgqXZH...

Apply to attend CSides Las Vegas 2025 The various CISO communities are joining forces to bring you an unforgettable evening of chill vibes and sharp minds - CSides Las Vegas. Gather alongside: - Cloud Security Alliance - CISO Society - P...

Just spoke with @gadievron.bsky.social about C-sides: a new event he is organizing in Vegas during hacker summer camp.

If you are planning to be in in Vegas August 4th please sign up! forms.gle/BDk25fTSZSwY...

CISOs working the bar, games, poker, etc it promises to be a highlight of the week!

Hi folks, Prompt||GTFO is returning this Thursday (24 July), at noon Eastern. Let's take AI/ML back from the marketers.

For access, please register here:
forms.gle/HMUvJ8CU4GQY...

Nearly 2,000 MCP Servers Possess No Security Whatsoever Authentication in MCP — the backbone of agentic AI — is optional, and nobody's implementing it. Instead, they're allowing any passing attackers full control of their servers.

Nate Nelson from Dark Reading covers our MCP internet mapping research at Knostic, quoting our very own Heather Linn.

Article:
www.darkreading.com/vulnerabilit...

Research:
www.knostic.ai/blog/find-mc...

Check out Knostic at: knostic.ai

See you there!

Exposing the Unseen: Mapping MCP Servers Across the Internet Knostic mapped 1,862 internet-exposed MCP servers via Shodan. 100 % lacked auth, revealing immature and risky GenAI endpoints.

At Knostic we mapped MCP servers on the Internet. No surprise: Exposed - absolutely no security. Yes surprise: Not many out there. They are also unstable (bad tech).

We also share a deep dive into fingerprinting MCP.

Shoutout: @shodanhq

www.knostic.ai/blog/mapping...

With thanks to Knostic for the organization and support, and to Ryan Moon for the ideation and photo skills

An AI practical security conversation with a focus on sharing actual stuff. Screenshares with code/English and interesting happenings, versus boring black magic LLM slide purgatory.

Everyone who speaks must share. lnkd.in/d-kbSNgu

This real??

Spain awards Huawei contracts to manage intelligence agency wiretaps Huawei will manage and store judicially authorized wiretaps in Spain, under a contract that bucks the trend of Western governments restricting use of the Chinese tech company's products and services.

Wow. Spain is putting salt typhoon out of business. They are just going to hand it all to them: Huawei contracted to manage their wiretaps….

therecord.media/spain-awards...

Prompt||GTFO: A Zoom Prompt Pit Welcome to the Prompt Pit. Whether you’re a CISO Excel jockey or a researcher sniffing for the scent of bits, if you made AI useful and you're willing to show your work, then come join us. We prefer s...

-----
Register to watch live or get the video in email:
Just fill the form, ignore CFP.

Submit a presentation:
Fill in the CFP parts.

Form:
forms.gle/YVBbTXwc6Wt2...
-----

WIth thanks to Knostic for organization and support.

- Jonathan Braverman - Legal analysis for what ChatGPT hides in contracts
- Gadi Evron - Simple language fingerprinting in spear-phishing attacks

- Daniel Goldberg - TBA
- Rotem Bar - Security songwriting
- Imri Goldberg - Teaching my kid how to code a game
- Roei Sherman - TBA
- Andre Gironda - TBA

- Dragos Ruiu - Getting LLMs to hack themselves
- Dave Kennedy - TBA
- Justin Borland - Detection rules conversion
- Nicholas May - CISO corporate workflows with serif
- Heather Linn - Red teaming
- Rick Deacon - Automating away the annoying
- Nir Krakowski - Voice across languages and accents

- Sounil Yu - Autonomous vendor mapping with the Cyber Defense Matrix agent, Neo
- grugq - Auto-citation for academic work
- David B. Cross - TBA security management
- Brandon Dixon - Tooling for testing and benchmarking in agentic systems
- Aaron Zollman - TBA

Host:
- Gadi Evron

Co-host for insight session:
- Bruce Schneier

Presenters:
- Thomas Dullien (Halvar Flake) - Claude code and Gemini CLI optimizing PyTorch
- Gary Hayslip - Strategic data gathering from controls
- Ryan Moon - Threat hunting logs magic

Date and time for first event:
Thursday, July 17, 12 pm Eastern/9 am Pacific/6 pm CET/7 pm Israel/9:30 pm India.

Initial lineup:
(To be updated for both speakers and details, as not all confirmed yet, and not all would fit in the first session)

This is the Anti-Vibe club, show off your (?:(?!marketing propaganda|UNIX terrorists|sun tzu|blockchain quantum encryption|wolf of wall street|hooded hacker|Web2.0|Ajax|NFC|ai-powered thermometers|matrix code imagery|AREYOUPROTECTED\?)(code|prompt terrorism|agentic manipulation|log analysis)).

CFP:
We don’t care if it’s reversing, GRC, coding, threat hunting, budget building, or poem writing, let’s show off our prompts (it's okay for them to be broken), learn, and punch miscreants (or at least have fun trying).

Following the Prompt Pit, the presenters will discuss amongst themselves in the Insight Corner, starting with sharing one reflection or idea each.

Rules of the pit:
- Screen sharing > slides
- You’ll have 3 to 5 minutes to demonstrate what you built
- At the end of your time, the crowd will vote whether to grant you 3 to 5 minutes more
- All active attendees must be presenters (but you can register to watch).