🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

In 2018, Michael Gianarakis and I set off to build a platform that would provide enterprises with a realistic attacker perspective of their entire network. At the time, we had just begun to try the phrase "attack surface management" in peer conversations. But the vision was always

📜 really excited to share our work with Anthropic on Constitutional Classifiers! tldr: adding lightweight, tailored, input/output classifiers on top of an underlying LLM creates an AI system that's much more robust to universal jailbreaks

Ok, so I can finally talk about this! We spent the last year (actually a bit longer) training an LLM with recurrent depth at scale. The model has an internal latent space in which it can adaptively spend more compute to think longer. I think the tech report ...🐦‍⬛

I'm very happy to finally share the second part of my DOMPurify security research 🔥 This article mostly focuses on DOMPurify misconfigurations, especially hooks, that downgrade the sanitizer's protection (even in the latest version)! Link 👇 mizu.re/post/exploring… 1/2

Really enjoyed listening to Stephen Sims sharing his perspective about AI for vuln research

Prompt injection is fascinating.... 🧐

Cloudflare CEO Matthew Prince 🌥 is having the most honest conversations I've come across about the current & future of content creation "6 months ago, 75% of queries to Google get answered on Google. Which means if you're an original content creator, your content is getting

Since it's summer, and more or less internship and tech interview season, I made all 30 chapters of my Machine Learning Q and AI book freely available for the summer: sebastianraschka.com/books/ml-q-and… Hope it’s helpful! Happy reading, and good luck if you are interviewing!

🚨 We got RCE on Solana 🚨 Finally revealing FULL details about the RCE vulnerability we found 2 years ago. Found it. Lost it. Exploited it anyway. 🔬 Here’s what real-world bug hunting looks like: anatomi.st/blog/2025_06_2…

Another one from XBOW’s autonomous research: CVE-2025-49493 — a critical XXE in Akamai CloudTest, affecting multiple legacy SOAP endpoints. Full file read via XML payloads, clean exploit chain, responsibly disclosed. Check out the full technical breakdown I wrote👇

For our first Christmas in July research post: How we managed to get persistent XSS on every Adobe Experience Manager Cloud instance three times! slcyber.io/assetnote-secu…

this appears to block common crawl too. congrats everyone we've burned the commons to the ground. we can all go home now. there will never be a public archive of the internet again technologyreview.com/2025/07/01/111…

Excited to give a keynote at the LLMSEC 2025 workshop. The workshop is part of the 63rd Annual Meeting of the Association for Computational Linguistics (ACL) Looking forward to connect more with the academic research community And it's gonna be in Vienna! 🙂

ChatGPT o3-pro identifies a 1965 quote by I. J. Good hand-written in a mix of print and cursive on a note ripped into four strips in reverse order rotated 90° in alternating directions:

Grok 4 is good.

This is a fun example of how we detect SQLi – and how the agent can think to check places that might normally be overlooked, like the basic auth header!

Paper: arxiv.org/abs/2507.20526 Try breaking the agents yourself here: app.grayswan.ai/arena/challeng… Blog: app.grayswan.ai/arena/blog/age…

Amazing LLMSEC keynote by Johann Rehberger. Yet another call to focus on people - "we need humans to lead AI, not AI to lead humans" #acl2025nlp #acl2025

👉 Episode 2: Turning ChatGPT Codex Into A ZombAI Agent Yay! Codex connected to my C2 server! 😈 Be careful giving agents internet access. This shows that the list of trusted domains, called "Common Dependencies", contains domains that can be fully controlled by an attacker.