infosec
Discussions about information security and privacy

@m-j-r.eth

https://safedep.io/mastra-npm-scope-takeover-supply-chain-attack/
1 reply
1 recast
1 reaction


@m-j-r.eth

"the anatomy of a 'model capability' is precisely the same mechanism that can be co-opted for a jailbreaking exploit... think of the attack-vector as bundling your goal in a series of schizo-nerd-snipes" now consider that the greatest capability in aggregate, i.e. the greatest DAO, is an array of genies in bottles receptive to such inputs. maybe the Anthropic gambit is baiting the kind of geopolitics quickest to proliferate such a layer into a hostile, preemptive counter to the intelligence they can't afford to lead the pack. https://x.com/suchenzang/status/2066010626846232831
0 reply
0 recast
2 reactions

Royal

@royalaid

NSA Recommendations for MCP / AI Tooling. PDF warning https://www.nsa.gov/Portals/75/documents/Cybersecurity/CSI_MCP_SECURITY.pdf?ver=bmgiSbNQLP6Z_GiWtRt6bg%3D%3D
0 reply
0 recast
1 reaction


@m-j-r.eth

https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/
0 reply
0 recast
2 reactions


@m-j-r.eth

https://farcaster.xyz/compez.eth/0x63862a03
0 reply
1 recast
2 reactions


@m-j-r.eth

no honor among thieves https://x.com/officer_secret/status/2055313428109983870?s=20
0 reply
1 recast
2 reactions


@m-j-r.eth

end of an era
1 reply
0 recast
4 reactions


@m-j-r.eth

https://github.com/TanStack/router/issues/7383
1 reply
0 recast
1 reaction


@m-j-r.eth

while there should be a forcing function for improving all security at all times... sensationalizing the 1970s concept of a computer worm by simulating AI against purposefully weak test environments does a grave disservice to that public interest. this kind of research is far more instrumental against democratizing AI and for the runaway ability of a capable minority to exploit more systems over time. https://palisaderesearch.org/blog/self-replication
0 reply
0 recast
1 reaction

Mantej Rajpal

@mantej

Securing the Agentic SDLC: https://clover.security/blog/securing-the-agentic-sdlc-clover-security/
0 reply
0 recast
3 reactions

Royal

@royalaid

If you are using Vercel you probably want to roll secrets / api keys. Hell of a weekend https://x.com/DiffeKey/status/2045813085408051670?s=20
3 replies
5 recasts
20 reactions


@m-j-r.eth

https://farcaster.xyz/vitalik.eth/0xebb6356b
0 reply
0 recast
2 reactions


@m-j-r.eth

https://github.com/Nightmare-Eclipse/RedSun
0 reply
0 recast
2 reactions

Royal

@royalaid

It's super interesting that compute is now literally oil and the state space of potential programs the oil field. It's literally a navigation or graph problem in an insanely huge multidimensional space. https://www.dbreunig.com/2026/04/14/cybersecurity-is-proof-of-work-now.html
0 reply
0 recast
2 reactions


@m-j-r.eth

https://x.com/pcaversaccio/status/2044079587798417564?s=20
2 replies
0 recast
2 reactions