A few weeks ago, I coded an HTTP to MCP bridge, so you can use your favorite HTTP tools to assess the functionality exposed by a remote MCP server. It would be great if you could contribute with your feedback. Thanks!.

I have seen many articles written on MCP and its security, but I think there is still room for some in-depth analysis and for some security tips resulting from it. Even if you have read other articles, you may still learn a thing or two. Do have a read!.

RT @NullMode_: Great post from @JoseSelvi on securing MCP (Model Context Protocol) setups for LLMs 👇. It sparked a….

Have you ever used PyRIT for AI Security Assessments and Red Teaming? Learn how it works under the hood and maintain control of the process by proxying it!.

RT @ctbbpodcast: If you need to spin up a spoofed NTP server, try using Delorean!. Features include:.✅ Flag-based config for custom scenari….

Great to see tools like @radareorg and #evilwinrm incorporating AI-powered capabilities. Looking forward to seeing others do the same!.

RT @OscarAkaElvis: Fresh meat! We've created a new Evil-WinRM branch with integrated multiple AI LLM support. New docker image, new gem (ge….

Thanks to @NavajaNegra_AB for giving me the opportunity to share my experience with transformers and AI security with such an amazing audience. It was great to spend a few days meeting and old friends, and also to make new ones! This is why I love this event. See you next year!

On Oct 3, I'm speaking at @NavajaNegra_AB on "The Power of Transformers." Explore how they work, their unique vulnerabilities, and protection strategies, focusing on prompt injection. See you there! #MachineLearning #Cybersecurity.

RT @wunderwuzzi23: 🔥 Microsoft fixed a high severity data exfiltration exploit chain in Copilot that I reported earlier this year. It was….

RT @clintgibler: 🤖 TL;DR: Every AI Talk from Hacker Summer Camp 2024. There were >60 AI-related talks at @BSidesLV, @BlackHatEvents, and @d….

RT @anvil_secure: Our latest blog is now live courtesy of @Kachakil! After an accidental discovery and no small amount of poking around, Da….

RT @taviso: This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags thou….

RT @wiz_io: Kudos to our research team and @sagitz_ for uncovering this 🚀.Read the full blog by @sagitz_ & @shirtamari .

RT @wiz_io: Wiz Research discovered a vulnerability in @Ollama that let them compromise any exposed Ollama server. 😲.📷. This flaw could all….

RT @securestep9: #Google's publishes details of #LLM assisted #vulnerability research project code-named "Naptime" because it allows Google….

RT @xennygrimmato_: Great results on CyberSecEval 2!."Project Naptime", an agent from the Project Zero team at Google, achieves new top sco….

Is refusing to use a LLM the modern equivalent to not wanting to use the spell checker of your favorite text editor? When used properly, it's an amazing tool that nobody should mind using.

RT @virustotal: "YARA is dead, long live YARA-X!" 🎉 . After 15 years, YARA gets a full rewrite in Rust, bringing enhanced performance, secu….

RT @clintgibler: 🙌 YARA is dead, long live YARA-X. @plusvic announces YARA-X, a completely new implementation in Rust. * Better command-lin….