Aaron Grattafiori
@dyn___
Followers
6K
Following
78K
Media
2K
Statuses
20K
Offensive Security / AI Red Teaming @ NVIDIA. Ex-GenAI and OffSec Red Teaming Lead at Meta. Ex-Principal Consultant and Researcher @ NCC Group.
Colorado
Joined March 2014
X/Twitter is mostly trash, unfortunately there's no good replacement. Can't even unpin old pins? So this is my new pin. Cool.
1
0
4
Jumping onboard the OPSEC train: Don't rely on cute tricks to stop security forces from accessing important data. Have a better system architecture that is secure against basic coercion. If you are a journalist working with someone who is committing treason, you owe it to them
13
109
444
There have been some amazing prior attacks in this area too if people aren't familiar... You know, just the most expensive attack in history NotPetya / M.E.Doc. Or SolarWinds. Or the XZ sshd patches. Or ASUS / Shadow update: https://t.co/AwyZQeBZ0K (crazy staging involved)
0
0
2
Not everyone of course is targeted this way, and going from one supply chain compromise to another isn't trivial (just ask APT29 during solar winds), but it is sometimes much easier to break into your vendor than it is to break directly into you. Everyone trusts someone.
1
0
5
This is the 8000 lb gorilla in the room. When Michael says "and their dog" he also is spot on because it's not just every vendor, but every vendor's vendor, or their GitHub account, or their coding agent, or their legacy appliance, etc. Supply chain? Supply nightmare.
In essence, when every niche utility on your computer auto-updates, you're dependent not only on the software being non-malicious at t = 0, but also on every dev and their dog staying safe on the internet for all eternity
3
3
41
GitHub - Yeeb1/SockTail: Lightweight binary that joins a device to a Tailscale network and exposes a local SOCKS5 proxy. Designed for red team operations and ephemeral access into restricted environments using Tailscale
github.com
Lightweight binary that joins a device to a Tailscale network and exposes a local SOCKS5 proxy. Designed for red team operations and ephemeral access into restricted environments using Tailscale’s ...
0
40
209
Top AI Security Videos - January 2026 1️⃣ When Vibe Scammers Met Vibe Hackers: Pwning PhaaS with Their Own Weapons - @stevenyu113228 - https://t.co/Sdv8kdKJ1C 2️⃣ How to Build an AI Security Program from Scratch - @Shanmurphycyber - https://t.co/TQRyUtxfaG 3️⃣ Security AI
0
3
20
Masked agents of the US state are executing people in the streets and powerful leaders are openly lying to cover for them. To everyone in my industry who’s ever claimed to value freedom—draw on the courage of your convictions and stand up.
54
310
2K
The scariest thing about this is the blatant lying. No investigation. No genuine desire for truth. Just a shameless coverup while a family is shattered, a funeral is prepared and a country breaks one day at a time.
Kristi Noem lies shamelessly: "An individual approached US Border Patrol officers with a 9mm semi-automatic handgun. The officers attempted to disarm this individual, but the armed suspect reacted violently ... this looks like a situation where an individual arrived at the scene
295
2K
12K
The most horrifying part of the video is how one-sided and quick the escalation is. Four or five different agents shove a woman, pepper-spray Alex, throw him to the ground, take his gun, then fire into his motionless body. He wasn’t trying to retaliate- just cold blooded murder.
288
3K
25K
Vulnhalla - Picking the true vulnerabilities from the CodeQL haystack - https://t.co/kIJS4T98MK We built an open-source tool called Vulnhalla. It allows you to download a CodeQL database directly from GitHub, run queries on it, and feed the results into an LLM. For each finding,
github.com
Contribute to cyberark/Vulnhalla development by creating an account on GitHub.
1
11
58
AI agents face a critical security threat: Indirect Prompt Injection (IPI) attacks hijack agent behavior to steal credentials and cause financial loss. We built the first system-level defense for Computer-Use Agents that actually maintains utility! That is, don't change the
3
21
107
Blog post: On the Coming Industrialisation of Exploit Generation with LLMs https://t.co/aK4pysY1wD TL;DR: I ran an experiment with GPT-5.2 and Opus 4.5 based agents to generate exploits for a zeroday QuickJS bug. They're pretty good at it. Code:
29
234
1K
Frey: "You cannot drag pregnant women through the snow. You're not allowed to take teenagers out of their car and detain them when they are in fact American citizens. That is against the law in every state. That is against our US Constitution."
2K
16K
75K
What the fuck is wrong with you? You have no idea who this woman was. You have no idea what she believed. You have no idea what an actual investigation might show. A 37-year-old American citizen was killed. Her 6-year-old son has been orphaned. Her family and friends are going
Every congressional democrat and every democrat who's running for president should be asked a simple question: Do you think this officer was wrong in defending his life against a deranged leftist who tried to run him over? These people are going to try to arrest our law
11K
23K
226K
Really good video breakdown of the shooting of Renee Good illustrating that yes, this was cold blooded murder by an ICE agent.
nytimes.com
An analysis of footage from three camera angles show that the vehicle appears to be turning away from a federal officer as he opened fire.
128
735
2K
COLLINS: After you told ICE to get the F out of the city, I've seen a lot of Republicans criticizing you for escalating tensions. What do you say to that? JACOB FREY: I'm so sorry if I offered their Disney princess ears, but here's the thing: if we're talking about what's
1K
10K
84K