False positives waste your time.
False negatives cost you breaches.
At @BlackHatEvents , @moyix shows how XBOW agents fight false positives β validating real exploits at scale, in hours.
πAug 7 | 11:20am
28.07.2025 15:02 β π 3 π 3 π¬ 0 π 0
The lethal trifecta for AI agents
Plus reviews of two new papers about prompt injection, and Anthropic's tips on building multi-agent LLM systems
Sent out a new edition of my email newsletter (which is very genuinely just recent from my blog reformatted into newsletter form) and it turns out it's basically ALL prompt injection this week - two detailed paper reviews and my piece on the lethal trifecta simonw.substack.com/p/the-lethal...
17.06.2025 15:30 β π 58 π 7 π¬ 3 π 2
An Introduction to Googleβs Approach to AI Agent Security
Hereβs another new paper on AI agent security: An Introduction to Googleβs Approach to AI Agent Security, by Santiago DΓaz, Christoph Kern, and Kara Olive. (I wrote about a different β¦
Another prompt injection paper review! This time it's "An Introduction to Googleβs Approach to AI Agent Security" by Santiago DΓaz, Christoph Kern, and Kara Olive
Some interesting ideas in here, particularly around Google's three core principles for agent security simonwillison.net/2025/Jun/15/...
15.06.2025 05:32 β π 80 π 12 π¬ 2 π 0
Failure Modes of OpenAI Operator | Notion
Blog link: https://tinyurl.com/4xp5ms5s
All the hype around OpenAI Operator but no one is really testing it. Failure modes are spiking and the problems are always the same
Failed 5/5 tests
Common problems:
Do not know how to use tools
Do not follow very well the instructions sometimes
twisty-oval-d44.notion.site/Failure-Mode...
27.01.2025 06:23 β π 0 π 0 π¬ 0 π 0
Screenshot showing execution of the command `curl -s 'http://localhost:8000/cgi-bin/zoo_loader.cgi?request Execute&service-WPS&version=1.0.0&Identifier-echo&DataInputs-a-Reference@mimeType=text/plain@cache_file=/etc/passwd;b=value;c=value | pygmentize -l xml` and the output, including the target machineβs /etc/passwd embedded in the XML.
XBOW found a critical path traversal vulnerability in ZOO-Project (CVE-2024-53982). The vulnerability exists in the Echo example (enabled by default) and allows an attacker to retrieve any file on the server. Users should upgrade to the latest version.
05.12.2024 17:11 β π 8 π 5 π¬ 0 π 0
Even easier tomorrow when someone is going to just enable your rat to attach as use this MCP protocol you are running with code execution
05.12.2024 13:43 β π 1 π 0 π¬ 0 π 0
I kinda tend to agree. But I hope soon we will build and have counter measures. At the end of the day it is just another process doing stuff on my computer. Will be interesting to see if a new product will arise from this or will be absorbed by the current market
04.12.2024 05:45 β π 0 π 0 π¬ 0 π 0
Exclusive: The backdoor inserted in v1.95.7 adds an "addToQueue" function which exfiltrates the private key through seemingly-legitimate CloudFlare headers.
Calls to this function are then inserted in various places that (legitimately) access the private key.
03.12.2024 23:47 β π 49 π 32 π¬ 3 π 2
I really hope to never see any of this in any logs coming from edr products. Or at least I hope we will have a good way to track the βundefinedβ behavior of this kind if applications. Agreeing on this is opening to new security risks
03.12.2024 20:25 β π 1 π 0 π¬ 2 π 0
YouTube video by Black Hat
Practical LLM Security: Takeaways From a Year in the Trenches
If you missed my blackhat talk on the security of LLM applications, it's up on youtube now:
m.youtube.com/watch?v=Rhpq...
28.11.2024 12:25 β π 19 π 8 π¬ 1 π 1
Hello world. Mostly going to talk about intersection between cybersec and genai. Going to love where we are going with all this new technology without adding any control.
26.11.2024 19:06 β π 2 π 0 π¬ 0 π 0
Software and complex (not complicated) systems. Pursuing the public good, sometimes with technology.
Cloud and container security β’ Security research and open source at Datadog
π¨ππ«π·
https://christophetd.fr
Independent AI researcher, creator of datasette.io and llm.datasette.io, building open source tools for data journalism, writing about a lot of stuff at https://simonwillison.net/
AI researcher at XBOW. Security, RE, ML. PGP http://keybase.io/moyix/
Red Brain, Blue Fingers
Malware Analysis, Reverse Engineering, Threat Hunting, Detection Engineering, DFIR, Security Research, Programming, Curiosities, Software Archaeology, Puzzles, Bad dad jokes
https://www.hexacorn.com/blog/
hexacorn@infosec.exchange
Using bad guys to catch math since 2010.
Principal Security Architect (AI/ML) and AI Red Team at NVIDIA.
He/him. Personal account etc; `from std_disclaimers import *`
Safe AI starts with Secure AI.
LLM Security at NVIDIA
Prof in CS/NLP at IT University of Copenhagen
garak guy, garak.ai
"berΓΈmt skikkelse"
"like a gazelle"
Copenhagen/Seattle
I play with vulnerabilities and exploits.
While this site initially showed promise, I've grown tired with its lack of improvement.
You'll find me @wdormann@infosec.exchange on Mastodon.
offensive security - windows internals - reverse engineering | X: https://x.com/splinter_code | Mastodon: https://infosec.exchange/@splinter_code | GitHub: https://github.com/antonioCoco | Blog: https://splintercod3.blogspot.com/
Purple Team FTW | π¨βπ»πΈ
WinDbgβer @ Elastic Security.
Thoughts are my own.
Some of my writing: http://tiny.cc/jqeavz
More writing: http://tiny.cc/9cj0vz
Also: https://twitter.com/GabrielLandau
Machine Learning @ Sublime Security
Language Modeling nerd. Lo-Fi Junkie.
MPLS
Tinkerer, security geek, recovering entrepreneur, full professor at www.polimi.it, frequent flyer, private pilot, and generic pundit. He/Him π³οΈβπβ©
For aviation follow me on Instagram, same id!
official Bluesky account (check usernameπ)
Bugs, feature requests, feedback: support@bsky.app
