Chained 6 vulnerabilities to get RCE on @UnitreeRobotics days ago. They pushed V1.1.11 a day later "patching" (not really) the RCE. The @pwnoio boys are unstoppable, new RCE using the same primitive. Crazy blog dropping soon 🔥🔥🔥 @retr0reg

If you’ve got solid python skills, strong appsec background & you’re curious about applying your skills to AI/ML security, come join my team at HiddenLayer. Great pay, benefits, fully remote, working alongside amazing talent & awesome people

It had to be done 💸

We're putting out the transcript for our talk - Deductive Engine: Human Inspired Taint Reasoning at OffensiveAICon. Have fun reading! https://t.co/ye08VRKpYT

X algorithm deprioritizes posts with link in post... so here you go! https://t.co/HRwDkefMnI

We've published the full transcript + additional technical details from our Offensive AI Con talk on Deductive Engine: Human-Inspired Taint Reasoning. If you missed it or want the under-the-hood details, check out the link below!

I'll be presenting one of our most interesting work: Deductive Engine: Human-inspired Taint Reasoning, this Tuesday at @OffensiveAIcon. As a Teaser, Deductive Engine not only able to replicate the finding of UniPwn (CVE-2025-35027) - but surprisingly finding two stack-based

I'll be @OffensiveAIcon - come find me! Joining the incredibly talented researcher @retr0reg, founder of @pwnoio, on stage Tuesday discussing LLM-driven binary taint analysis using deductive reasoning & human heuristics

New blog just dropped 🤠 I've spent hours boiling down why adversarial examples fundamentally exist, distilled down to technical crystal-clear explanations anyone can grasp. This is what I wish someone had given me months ago. Give it a read ❤️ https://t.co/rVsC25b11v

My old team is hiring! Its one of best internal Red Teams IYKYK. Lots of complex & challenging ops in an environment with $1B/yr cyber spend. Huge training budgets & all the toys/gadgets money can buy 😎 the team is seriously amazing. Check out the posting for more details

Great research 🔥 pretty insane level of risk to leave your users exposed to for months. Not implementing an immediate fix & waiting on protocol upgrade feels kinda shitty. The full article + triage timeline & conversation is worth the read.

Check out @hiddenlayersec newest transferable & universal prompt attack technique coined "Policy Puppetry". It's hot out of the oven & ready for you to use on your next red team 🔥 https://t.co/zXMjX1vOUW

Happy to announce that I've joined the world's best @HiddenLayerSec! 🔥 I'm absolutely pumped to be securing AI with this insanely stacked & talented team. Good times on the horizon 😎

So those vulnerabilities I found in that sex toy app 3 years ago... the ones where I could access 60,000+ accounts & all their super private data? They might FINALLY be fixing everything. Super weird experience. Heavily redacted blog post dropping soon if all goes well 👀

Finally finished reading 🤯 this is 100% a must read. I dont know of anyone else who's consistently finding insane vulns in AI/ML projects & posting writeups/sharing their thought process. Patrick doesn't miss 🎯

Maybe its a mindset issue, but spending time reading AML ATK/DEF papers to midway realize its 99% useless in the real world feels... annoying? Especially when proven w/ unnecessary constraints + the fact that research clusters are so far detatched from "real" deployment clusters

👀👀👀🔥🔥🔥🔥

Happy holidays folks! Here's to happiness, love, success, and as always stylish shells 🐚 in the year ahead ❤️

It's a hard sell

Dopped a spicy 25-min read exploring adversarial ML 🤠 It's a mix of in-depth & light peppering of the broader field. So much I couldn’t fit (extraction, inversion, poisoning), but I hope it sparks curiosity. Made for learners no fancy background ❤️ https://t.co/QE1j0tu4Jl