My 10k-word writeup on exploiting a heap-overflow in Llama.cpp's RPC Server's Tensor-operation to RCE. This by far is one of the most challenging but fun exploitation I've ever researched on. https://t.co/aPLJyDF4Vq

Vocabularies are the lossy interface between thoughts and understanding. Hidden vectors carry meanings; tokens are merely the symbols we use to approximate them. https://t.co/A2JG7qqpfD

https://t.co/jZ67gmEX2W

https://t.co/FUquhhFG7x

I have at least spent a entire month of four months working on pwno just on k8s (gke), ignite... distributed system is a pain in the butt, but i guess if you do it right you can do such cool things (that scales)

We decided to open source Pwno-MCP: the MCP system for autonomous binary-level security research, a keystone behind Pwno's research architecture. Feel free to contribute or just try it out, we'll love to hear about how you solve pwn challenge with it! https://t.co/IljRU8RbNV

Our interview with Dark Reading at Black Hat https://t.co/BaqF0zvbsR

Just stepped off the stage at Black Hat USA as the youngest speaker in history. It's such an exciting but emotional moment sharing a project I've worked for almost a year to the world, months of work into thirty minutes. Just proud that this idea came from a piece of scratch

GGML is the tensor processing library used in Llama.cpp and other projects for AI inference, quantization and more. o4-mini and I spent an afternoon exploring the security of the GGML RPC server, writing a fuzzer and fixing some minor issues I uncovered. https://t.co/h6t1hEqPRh

These are 51 reports I submitted to Huntr last year (23-24), 28 RCEs, 11 LFIs, 34k words in total https://t.co/eeO0C9zyVw

watching chatgpt agent use a computer to do complex tasks has been a real "feel the agi" moment for me; something about seeing the computer think, plan, and execute hits different.

that's why sink-to-source is just naturally logically sensible and efficient, it's just a manner of recovery rather than discovery (**the point here is the latent information), this is what i think called context relevance specifically for logical tasking. putting this to

It's fun to think sinks have a hidden caller-chain state (counterintuitive), and sink-to-source are essentially recovering a hidden states, rather traditional dynamic pruning process.

refreshing counternarrative view on ai https://t.co/PI4cDFn1un

We Found a Heap Overflow in llama.cpp's Tokenizer https://t.co/XovQ63afkX

The reason why we put so much faiths on Transformers on low-level security is because they're natural processor of information, the only part where they're naturally better than us as human is their granularity in context awareness - something engraved in their attention heads

@pwnoio

our latest finding allows you to heap-overflow llama.cpp with a manipulated prompt, via a bug in llama.cpp's tokenizer api, found by @pwnoio.

the thing is @pwnoio really needs a base indexing so we can tell him how to pwn, but existing softwares have terrible retrievals on knowledge base like https://t.co/h5f6s82Hhd (chinese, in-depth). just want to something easy to use in agents workflow and less expensive