Brendan Dolan-Gavitt
@moyix
Followers: 30K
Following: 60K
Media: 4K
Statuses: 24K
Building offsec agents: https://t.co/G9EtnC2Gl3 PGP https://t.co/3WXr0RfRkv
Brooklyn, NY
Joined June 2008
Incredible to have helped build the first AI system to reach #1 in the US on @Hacker0x01 ! We found a LOT of great bugs :D
Very profound signage (the signs below gave directions to various exam classrooms)
Had a lovely time up at Columbia today talking about AI agents for offsec at the DAPLab!
The first exploitable vuln was found during the demo. This is what it looks like when AI becomes part of the workflow instead of just another tool. Try for yourself by December 26th and we will guarantee an exploit-validated security finding or you don't pay. Get
Huge appreciation to the Seznam team! On their first demo, XBOW identified a critical vulnerability with zero access and zero prep, just autonomous offensive security doing real work for a real customer. It's the kind of partnership that proves what matters.
It has been absolutely delightful to work with Seznam over the past year; they've given us great feedback as we've built out new features, and I'm very happy they're finding XBOW valuable!
I know this is going to make me sound old, but how are people actually using agents to modify existing codebases? Even with Opus 4.5 I find myself rejecting every other request because it's doing something wrong
Okay guys, that "average person commits three felonies per day" thing was a warning, not like a KPI you need to hit
Holy shit… the exploitation of CVE-2025-55182 has reached a new level. There's now a publicly available Chrome extension on GitHub that automatically scans for and exploits vulnerable sites as you browse. Absolutely wild.
NGL I'm mildly nervous we're doing this but if you want a risk-free way to try out XBOW it's a good deal!
Sorry I'm not going to be interviewed by some low-level Sonnet flunky, send me Opus if you want your questions answered
(TBH I haven't actually run it so maybe it's all hallucinated)
LMAO, found one already... and the code / writeup is most definitely Claude Code
If you are really, truly lucky, you will be in a situation where you can recognize whether the reliable specialized solution will work up front, and then fall back for cases you can't handle. But often the problem is not that friendly
You will probably be surprised at how much smaller Y is than you expected, and how many wickedly difficult problems are in the (100-Y) section.
X will probably get bigger over the next year. You hope. If scaling continues and the labs like things adjacent to your problem.
Right now all design problems for LLM-based apps feel like a choice between:
- Solve it for 100% of the problem space at X% reliability
- Solve it for Y% of the problem space at 100% reliability
(And you don't know the values of X and Y up front)
It's sort of dispiriting that, for obvious-in-retrospect economic reasons, the vast majority of interactions people will have with LLMs at any given time are with very cheap, very bad models
Our report from the SAGAI workshop (co-located with @IEEESSP ) is now out: https://t.co/SXVgLHmaRo It defines the "systems security" approach to AI agents and captures many research challenges when applying systems principles to securing AI agents! This is v1. v2 is coming soon!
arxiv.org
This paper articulates short- and long-term research problems in AI agent security and privacy, using the lens of computer systems security. This approach examines end-to-end security properties...