Adam Shostack's Avatar

Adam Shostack

@adamshostack.bsky.social

Threat modeling. BH Review Board. Affiliate Professor, UW. Fixed autorun. Helped create CVE. Not sure why we're building graphs on yet another (effectively) centralized system. https://infosec.exchange/@adamshostack

3,048 Followers  |  374 Following  |  700 Posts  |  Joined: 12.07.2023
Posts Following

Posts by Adam Shostack (@adamshostack.bsky.social)

Preview
Shostack + Friends Blog > Appsec roundup - Feb 2026 This month's roundup starts with losing oneself, continues with cool new threat modeling tools and applications, and continues into appsec, AI and regulation.

Just published the Feb 2026 Secure By Design AppSec Roundup β€” smart threat modeling tools like Flowstrider, a push for secure coding policy, OAuth/API key issues, emerging AI risks including agent auth & RCE findings, plus S+A news (new COO & first GPS threat advisory). is.gd/jAgBcg

03.03.2026 23:48 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

hypebeast.com/2026/3/anton...

03.03.2026 19:57 β€” πŸ‘ 70    πŸ” 14    πŸ’¬ 4    πŸ“Œ 2
03.03.2026 17:47 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

There will be a huge fight over whether copyright vests in works generated by a few humans using AI tools. That will determine whether it is economically viable for large creative industries to replace lots of human creators while still being able to window and monetize the content the AI spits out.

02.03.2026 20:51 β€” πŸ‘ 8    πŸ” 2    πŸ’¬ 2    πŸ“Œ 1
Farewell, Felix Β· The Recurity Lablog

"Farewell, Felix" - a blog post by Nico Lindner and Recurity Labs on the passing of Felix "FX" Lindner. RIP FX :(

blog.recurity-labs.com/2026-03-02/F...

02.03.2026 17:25 β€” πŸ‘ 9    πŸ” 5    πŸ’¬ 0    πŸ“Œ 3
Post image

RIP FX - You are a legend

02.03.2026 05:03 β€” πŸ‘ 52    πŸ” 23    πŸ’¬ 6    πŸ“Œ 2

It was hard for me to be chatting since we had a few folks watching from bsides, and the chat window was very small. I'm glad to be able to see it now.

02.03.2026 01:36 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

This is really beautiful, wow. What they did with our chat...

youtu.be/uK41l_c2A_Q

02.03.2026 01:28 β€” πŸ‘ 16    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0
Jason Snitker - "Parmaster" Memorial Service - Feb 28, 2026
YouTube video by Deb Kavaler Wysopal Jason Snitker - "Parmaster" Memorial Service - Feb 28, 2026

πŸ•―οΈ Par’s Memorial πŸ•―οΈ
Link below.

Please watch the CHAT video in the description.

Rest in peace, Jason Snitker
Legend. Always.

youtu.be/0qMRIZWCrJw?...

02.03.2026 00:55 β€” πŸ‘ 11    πŸ” 8    πŸ’¬ 1    πŸ“Œ 3

bluesky clippy: hey there! you seem to be mad at something but not the person you’re yelling at. would you like some help self-regulating?

28.02.2026 23:24 β€” πŸ‘ 2378    πŸ” 331    πŸ’¬ 24    πŸ“Œ 7

Japan seems like a counter example to the restoration of democracy theme?

01.03.2026 00:07 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Post image

The judges in WV have seen enough.

They say that if the ICE continues detaining people in ways they have unanimously deemed illegal they will start issuing civil fines and contempt findings β€” including against state officials who help them carry it out.

storage.courtlistener.com/recap/gov.us...

28.02.2026 13:58 β€” πŸ‘ 9692    πŸ” 2788    πŸ’¬ 305    πŸ“Œ 216

So mass surveillance is ok as long as it doesn’t β€œtarget” Americans?

28.02.2026 03:52 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Good morning BSides SEA. I’ll be presenting at 3pm on A New Hope for layering defenses. Come for the Star Wars references, stay for the collaboration.

27.02.2026 19:00 β€” πŸ‘ 3    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

It’s not fraud because they wrote the words β€œrisks include: we might be defrauding some investors” on page 1,372 of the prospectus.

27.02.2026 05:07 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Venture capital, baby

27.02.2026 05:03 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Has Jack Dorsey ever run a profitable company?

That seems sort of relevant in evaluating his claim that AI changes everything.

27.02.2026 04:37 β€” πŸ‘ 1    πŸ” 4    πŸ’¬ 0    πŸ“Œ 0
Post image

ICYMI: The DEF CON 33 Hackers' Almanack is out now.

Hackers have made it clear what policymakers should know and quickly act upon.

It's time to start listening to what the experts have to say⬇️
harris.uchicago.edu/sites/defaul...

#CyberCivilDefense #Take9 #HackersAlmanack

25.02.2026 16:20 β€” πŸ‘ 7    πŸ” 3    πŸ’¬ 0    πŸ“Œ 0
Preview
How to turn off AI features in Firefox, or choose the ones you want | The Mozilla Blog Other browsers force AI features on users. Firefox gives you a choice.Β  In the latest desktop version of Firefox, you’ll find an AI controls section

AI controls are now live in Firefox 148. A single place to manage, customize, or completely block AI features in the browser.

See how it works here ⬇️ blog.mozilla.org/en/firefox/h...

24.02.2026 18:16 β€” πŸ‘ 170    πŸ” 58    πŸ’¬ 19    πŸ“Œ 20

I'm old enough to remember when you didn't need ID to get on a plane, and I'm old enough that no one asks me for ID for beer.

24.02.2026 21:49 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

This leads to the F index: the highest number of fiction authors each of which you have read F books by. I think mine is 8:

Adrian McKinty
John Grisham
Tana French
Kurt Vonnegut
Agatha Christie
Stephen King
Michael Connelly
Carl Hiaasen
Walter Mosely

23.02.2026 03:06 β€” πŸ‘ 6    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0

β€œThe Congress shall have power…to declare war.”

23.02.2026 00:32 β€” πŸ‘ 649    πŸ” 109    πŸ’¬ 33    πŸ“Œ 10
No public school, school district, or public employee acting in an official capacity shall engage in the pedagogy, praxis, or inculcation of critical theories or related practices that promote division, dialectical world-views, critical consciousness, or anti-constitutional indoctrination.

No public school, school district, or public employee acting in an official capacity shall engage in the pedagogy, praxis, or inculcation of critical theories or related practices that promote division, dialectical world-views, critical consciousness, or anti-constitutional indoctrination.

Sorry I missed this the other day. New Hampshire Republicans are literally banning the teaching of dialectical thought. What a world.

(Bill passed House, now goes to Senate with GOP majority, and then to GOP governor.)
newhampshirebulletin.com/2026/02/19/h...

22.02.2026 21:01 β€” πŸ‘ 10    πŸ” 4    πŸ’¬ 2    πŸ“Œ 3
Post image 22.02.2026 21:04 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

oh, no, I meant if you're an attacker, operate one, and then leave it mis-configured so you can have deniability.

22.02.2026 21:02 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

I mean, "provides direct access to the core cell network" seems like a pretty good reason to operate one!

πŸ˜‰

22.02.2026 20:50 β€” πŸ‘ 5    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

I submit, respectfully, that you're weird. 😁

22.02.2026 18:13 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

It's never a good sign when someone needs to declare someone else's "real name," that they can define for you.

In a free society, you can call yourself whatever you want, introduce yourself that way, & expect polite people to call you that.

You don't remember Bob Dylan's other name … & who cares?

22.02.2026 17:06 β€” πŸ‘ 4    πŸ” 0    πŸ’¬ 0    πŸ“Œ 2

This is incredibly blunt antisemitism, obviously, but it's worth pointing out that the core of itβ€”that Jews are not "true" Jews or are perhaps even fakeβ€”is maybe second most common antisemitic belief in America and has been rapidly spreading across the left for quite a while.

22.02.2026 16:02 β€” πŸ‘ 386    πŸ” 73    πŸ’¬ 14    πŸ“Œ 3
Original post on infosec.exchange

If only there were a conflating factor that muddied the picture, he wrote, quote tweeting on his pocket computer.

But alas, I have no cognitive capacity to make a counter-argument in this reel. @markhurst.bsky.social […]

22.02.2026 00:20 β€” πŸ‘ 1    πŸ” 2    πŸ’¬ 1    πŸ“Œ 0