
Nathan Hamiel

@nhamiel.bsky.social

Senior Director of Research. Black Hat Review Board Member (AI, ML, and DS track lead) and International public speaker. I focus on emerging technologies and risks at the intersection of humanity and tech. Hype Critic. My writing: https://perilous.tech

759 Followers  |  97 Following  |  232 Posts  |  Joined: 18.06.2023

Posts by Nathan Hamiel (@nhamiel.bsky.social)

Black Hat AI Track Submissions: Observations and Feedback - Perilous Tech Reflecting on the submissions for the AI, ML, and Data Science track for Black Hat conferences for the past couple of years, I wanted to take some time to

Also, I’ve previously written up some observations and guidance to think about when submitting to the AI track at Black Hat. perilous.tech/black-hat-ai...

23.02.2026 16:00
Black Hat

The Black Hat USA call for papers is open. This will be our 6th year of having a dedicated AI track. If you have some interesting AI research, be it attacking, defending, or applying AI, we’d love to see it. Please let me know if you have any questions. blackhat.com/call-for-pap...

23.02.2026 16:00
The Death of Software Is Greatly Exaggerated - Perilous Tech Social media is flooded with the same hot take: software is dead! Yup, that’s right, the world runs on software, but applications are either in the grave or

The biggest hot take of the past few weeks is that software is dead. But is it really? Seems there are some fundamental realities not being considered. Regardless of success, software vulnerabilities will be absolutely everywhere. Welcome to the new reality. perilous.tech/the-death-of...

20.02.2026 15:13
Clinejection — Compromising Cline's Production Releases just by Prompting an Issue Triager | Adnan Khan - Security Research Clinejection — Compromising Cline's Production Releases just by Prompting an Issue Triager - Security research by adnanthekhan

This Clinejection write-up is great, and I learned some things about GitHub actions caching, too. We experienced the same during our research for our Black Hat USA 2025 talk on attacking AI-powered developer productivity tools. adnanthekhan.com/posts/clinej...

18.02.2026 12:18
Post image

If there was a killer use case for this "powerful agentic experience," surely they'd be touting it. But instead we are sold the ability to do things we can already do, just with less security and privacy.

17.02.2026 15:38
Post image

I'll be speaking at Applied Machine Learning Days in Switzerland next week on the topic of AI Secure By Design. I discuss our AI Actor-based threat analysis method to simplify threat identification and get to value quickly.

05.02.2026 15:00
MoltMatch screenshot

Proof that dudes will engineer systems burning hotter than the sun to avoid actually talking to women. Women, who I imagine are flocking in droves to this site 😆 This is going great! The crypto aspect is the icing on the cake. The trajectory is clear.

03.02.2026 12:56
How We Exploited Qodo: From a PR Comment to RCE and an AWS Admin Key - Leaked Twice - Kudelski Security Research Center Jan 15, 2026 - Nils Amiet -

Here we continue our technical write-ups of the exploitation of AI-powered developer productivity tools from Black Hat USA with Qodo. The takeaway here is that knowing prompt injection isn’t enough.
kudelskisecurity.com/research/qod...

30.01.2026 14:53
Neil Postman quote

Literacy is our greatest weapon to remain robust and defend our humanity in this invasive, modern environment. Here, I recommend 7 books to create more robust humans. And yes, Huxley was right.

perilous.tech/7-books-for-...

28.01.2026 14:14
Post image

Hmm... The previous term was terrifying. Where could we look to find something more palatable? I know, dystopian science fiction!!!

27.01.2026 16:17
Post image

The lengths people won't go to get themselves owned. This has been happening since 2023 with AutoGPT, only now with deeper access. This isn't rocket science, if you give something insecure complete and unfettered access to your system and sensitive data, you're going to get owned.

26.01.2026 13:45
Post image

Wow, I said the exact same thing back in 2024 from the stage at AgileDevOps USA. It included the specific number of 14B in losses as well. I was explaining the possibility that OpenAI could go out of business in a few years.

20.01.2026 14:13
Agentic Shopping: How Silicon Valley Accidentally Destroys Retail - Perilous Tech Recently, Google, along with Shopify, Etsy, Wayfair, and Target, created Universal Commerce Protocol. A protocol that retailers can use in their AI agents to

Treating shopping as an optimization problem could have devastating economic effects. Removing the friction from the purchasing process (aka shopping) with AI agents could cause people to buy less, not more. Retailers may want to rethink their strategy. perilous.tech/agentic-shop...

16.01.2026 15:01
6 AI Predictions For 2026 - Perilous Tech Regardless of my opinion on tech predictions, people seem to love hearing them. While I was at the AI Security Summit in London, several people asked me for

Please don't listen to me or anyone else making AI predictions for 2026. With that said, here's my 6 AI predictions for 2026 😆 perilous.tech/6-ai-predict...

12.01.2026 14:52
Notebook with a pen

My favorite paper at the moment. If the notebook had numbered pages and a table of contents that would make it even better.

09.01.2026 17:59
ChatGPT Health Launch

Nothing to worry about. It supports MFA and military-grade encryption.😆 "The company analyzed deidentified ChatGPT conversations and found that more than 230 million people globally ask health-and wellness-related questions on ChatGPT every week."

08.01.2026 14:27

Many inefficiencies in organizations can be addressed by making simple tweaks, organizational changes, and removing unnecessary steps without adding the complexity, overhead, or potential security issues of LLMs. An LLM may be a good fit, but that should be based on analysis and realities.

07.01.2026 16:42
Post image

The misconception that LLMs should be the first port of call for any and all problems and efficiencies can only arise in an era of hype and a lack of work experience. Anyone who’s had a job before has seen inefficiencies that could easily be addressed without advanced technology.

07.01.2026 16:42
Post image

See you Saturday at #BSidesJax

13.11.2025 18:24
LinkedIn Meme

Truth!

11.11.2025 15:29
Internet detectives are misusing AI to find Charlie Kirk’s alleged shooter AI ‘enhancements’ might add details that don’t exist.

An AI consequence, completely obvious in hindsight. People slopufacturing evidence not to taint the environment, but to help and boost their social currency. When “clean up this photo” puts a new face on a perpetrator, alternate realities are created. www.theverge.com/news/776793/...

12.09.2025 15:02
The Architects of Devaluation: The AI Slop Architecture and Its Acolytes Weaved through the fabric of the hustle-bro culture, threaded with the drivel of influencers, lies one of the biggest cons of our current age. This is the false perception that everything we do has…

Sorry, but ideas aren’t all you need, and we aren’t on the cusp of the first billion-dollar solopreneur. In this post, I look at the architects of devaluation and the architecture of slop that’s fueling misconceptions about creativity and meaning.

perilous.tech/2025/09/11/t...

11.09.2025 15:38
Monzy performs at Stanford Univ.
YouTube video by NerdcoreForLife Monzy performs at Stanford Univ.

I just got myself pumped up for the day! 😆 Occasionally this song pops into my head and I need to listen to the whole thing start to finish.

www.youtube.com/watch?v=Fow7...

04.09.2025 12:16

To all of the people pushing hard to coin the term “vibe security,” the joke is on you. Security has always been about vibes. 😆

03.09.2025 14:29

I see they are remaking The Running Man, which appears to follow the book more closely. Gonna go out on a limb and say there’s a 100% chance that they don’t keep the ending 😆

01.08.2025 11:59
Post image

First time I’ve designed an enamel pin. Terrible picture, but you get the idea. See you at Black Hat USA!

31.07.2025 17:03
Huey Lewis & The News - The Power Of Love (Official Music Video)
YouTube video by HueyLewisTheNewsVEVO Huey Lewis & The News - The Power Of Love (Official Music Video)

Getting ready to do our first dry run of our #BlackHatUSA talk, Hack To The Future! www.youtube.com/watch?v=wBl2...

31.07.2025 12:45
Post image

It's going to be busy at both the #AISummit and #BlackHatUSA. It would be great to catch up with everyone. In addition to the briefings, I'm also hosting the AI Track Meetup and participating in the Review Board meet and greet. Come by and say hi. See you next week!

29.07.2025 13:37

Thinking of prompts less as rigid, specific instructions and more as mere suggestions helps better understand what could go wrong and how to design systems that are more resilient to failure and attack. In essence, it's more prodding than programming.

21.07.2025 15:26
Post image

I read this book back in 2020, and it’s only become more relevant. So many people make simple data mistakes and draw the wrong conclusions based on issues covered in this book.

11.07.2025 13:12