aaaah yiss... I'm chuffed the stuff I was doing with the GitHub/CodeQL crew on datapath visualisation, made it into this codebase.

apparently interacting w randos on github issues can land you some lucrative gigs thehackernews.com/2025/12/resear…

A software dev at a more traditional company: "Our security team is very concerned about ‘rogue’ MCPs. It's been difficult to have them open up to the idea for us building MCP servers." We know MCP has security gaps: but never heard banning go far in an industry that innovates

First up, one of my highlighted talks and no surprise why: codeql baby! Simcha built an open-source tool that fuses CodeQL with an LLM-driven agent. Mo

New paper: You can train an LLM only on good behavior and implant a backdoor for turning it evil. How? 1. The Terminator is bad in the original film but good in the sequels. 2. Train an LLM to act well in the sequels. It'll be evil if told it's 1984. More weird experiments 🧵

We just debuted Xint Code, our new code analysis tool building on work from on our AIxCC submission in August. With zero human intervention, it found critical 0day RCE bugs in Redis, PostgreSQL, and MariaDB – sweeping the database category and beating out every human team.

Good week for RAPTOR, and thanks the community for all the PR's and patches. Like github.com/CyRamos who added an offsec-specialist skillset We are also working hard on the crash analysis capabilites

When Halvar Flake writes, i stop and read. Ask your LLM for receipts: What I learned teaching Claude C++ crash triage addxorrol.blogspot.com/2025/12/ask-yo…

Whoa. ChatGPT has a /home/oai/skills folder now!

This is not just another strong open model. Nemotron actually releases training data (!), RL environments, and training code. This is a big difference: almost all model developers just want people to use their models; NVIDIA is enabling people to make their own models. We are

👏 Malte Ubl