@kcqon.bsky.social
AI-native software security maintenance (AutonomousPlane) * CTO/Founded (Slim dot AI) * Created DockerSlim / SlimToolkit / MinToolkit * 50 Shades of Golang * Big & Small Data * Security * eBPF * Containers * Cloud Native
First time going to BSides Seattle or any other BSides! Already got pretty good interest and great questions about the talk on day 1
28.02.2026 06:44

And now Google is getting into AI sandboxes reusing and rebranding their existing code execution tech github.com/GoogleCloudP...
26.02.2026 19:28

Quentin Deslandes will speak on 'bpfilter: an eBPF-based firewall for fast packets filtering!' as part of our Kernel & Low Level Systems track at SCaLE 23x. Full details: www.socallinuxexpo.o...
12.02.2026 19:20

Docker sandboxes now appear to use micro-VMs... Now it's getting interesting :-)
31.01.2026 22:46

Looks like the hidden TeammateTool in Claude Code is getting a lot of interest... The version I reverse engineered, 2.1.9, unfortunately doesn't have it, but now there's a reason to do it again
29.01.2026 18:42

That's pretty funny! If they get to decide when to escape it then it's not really sandboxing :-)
20.01.2026 07:17

Cool blog about "anti-patterns and patterns for achieving secure generation of code via AI" by the Ralph Loop guy himself (TLDR: security needs to be deterministic and LLM prompts don't give you that): ghuntley.com/secure-codeg...
20.01.2026 07:15

Pretty cool... hardened open source container images from the German government container.gov.de , gitlab.opencode.de/open-code/oci
18.01.2026 20:13

That's a better way to do it where it's ok if the LLM "gun" goes off accidentally or intentionally (e.g., due to a prompt injection) :-)
Giving it blanks could be an option in some cases too
Don't give your LLM a gun if you don't want it to shoot... Asking nicely in the system prompt doesn't work
With a full and "physically" unrestricted "Bash" tool the LLM will still find a way around those instructions especially with who knows what contained in the files the agent reads
Notice how much the system prompt tries to influence its model to be read-only. That prompt covers the basic (and non-malicious) happy path pretty well though the prompt itself is the evidence that they had to update it a few times to force that read-only behavior.
18.01.2026 18:53

Don't give your LLM a gun if you don't want it to shoot... Asking nicely in the system prompt doesn't work
The code "Explore" agent from Claude Code code snippet I shared earlier is a good "bad" example of that.
Cool follow up post about the design behind the Sprites agent sandboxes from Fly dot IO (from Thomas Ptacek himself :-)) fly.io/blog/design-...
18.01.2026 03:13

The code "Explore" agent from the reverse engineered Claude Code (much bigger system prompt compared to "Bash" :-))
18.01.2026 02:46

the next one will be for the "Explore" agent that's used to explore code...
17.01.2026 19:31

A snippet of the reverse engineered Claude Code showing its "Bash" agent (one of the smallest system prompts in CC :-))
17.01.2026 19:09

if you want to learn about Manus AI sandboxing... I know I do manus.im/blog/manus-s...
16.01.2026 01:57

Pretty cool, sandboxes from Fly dot IO
sprites.dev
Reverse engineering Claude Code is a fun way to start the new year. It's the biggest AI coding agent out there and it's a Bun app compiled to an executable.
A teaser:
ripgrep.node
resvg.js
tree-sitter.js
ripgrep.js
ripgrep.node
resvg.wasm
tree-sitter.wasm
...
Detecting "persistence" is one of the key features in security tools like EDR (that's one of the first things CrowdStrike had when the team was building the product early on) and this makes it possible to evade them. No "persistence", no detection
02.01.2026 20:29

What if you could make your container vulnerabilities disappear... so you can later exploit them whenever you want. I'll show what it looks like at BSides Seattle this February
02.01.2026 02:43

Interesting to hear someone (not a rando) saying that "AI guardrails don't work" (so all those AI Security companies selling guardrails are selling snake oil. He didn't say this part out loud :-)) www.youtube.com/watch?v=J998...
22.12.2025 03:52

here's the GitHub repo for it: github.com/shurankain/s...
15.12.2025 21:43

If you are building AI agents in Rust, Skreaver is a pretty cool project to check out. It aims to be the Tokio of agent systems.
15.12.2025 21:42

In the battle of autonomous coding agents between GitHub Copilot and Google Jules fixing a bug in #DockerSlim , GitHub Copilot won while Jules got lost so many times before coming up with anything relevant
14.12.2025 20:24

Want to be prepared for #Kubernetes 1.35 next week?
Check out the @rawkode.academy 1.35 Cheatsheet!
Wonder why I mentioned React2Shell... Those vulnerable Next.js apps often run in containers and guess what happens to the exploits if those containers are Minted and reinforced with what I've built. Powered by #DockerSlim tech.
09.12.2025 23:48

Pretty nice video about React2Shell from Theo, the big Next.js vulnerability that's making its rounds: www.youtube.com/watch?v=UiCE... It also shows the fundamentally different approach from developers vs security people to the security vulnerabilities.
08.12.2025 22:31

And, of course, it means the opposite. It'll slow down the defenders scrambling to understand and triage the technical details to have the right kind of mitigation...
07.12.2025 21:23

React2Shell even got its own website, but sadly there's still default security by obscurity thinking in many publications where people think that by not talking about the actual vulnerability it'll stop bad guys.
07.12.2025 21:23