tag
#hot-takes
Short-form takes — quick reactions and sharp one-liners.
You get to choose your hard
Being known for what you're against is easy. Being known for what you're for is hard. You get to choose…
It's con season
It's con season — Black Hat, DEF CON, and the summer security-conference circuit are nearly here. The best research of the year…
Find it and fix it
A fun exercise: run various models against deliberately vulnerable apps, and eval them on their ability to identify the vulns and effectively patch them…
Prompt-injection bumper stickers
Prompt injection is climbing out of the chat box and into the physical world. Print an adversarial instruction big enough for a camera to…
Words mean things
If the AI era teaches you anything, let it be the lesson that words mean things.…
The top five turtles in a stack of 50
AI defense and code review get the funding, but hospitals still run XP and Ivanti falls over weekly. The security industry is ignoring 45 of its 50 turtles.…
Cryptographically enforced disclosure
A speculative proposal: cryptographically enforced vulnerability disclosure using a drand-triggered dead-man switch to make CVD fallback dates unbreakable.…
Peacetime cyber versus wartime cyber
Cyber defense doctrine was built during 15 years of peacetime; the transition to wartime and austerity demands a rewrite of what we accept as polite.…
AI isn't the problem — asymmetry is
AI isn't the security problem — it widens the asymmetry between vulnerability discovery and remediation, putting attack capability in many more hands.…
Mythos feels a lot like Snowden
Mythos is to vulnerability awareness what Snowden was to surveillance: the moment the zeitgeist finally caught up to what insiders already knew.…
Security-focussed test/fix is basically “sparkling QA”
A short reaction to Firefox's claim that AI-found defects are finite: security-focused test-and-fix is basically QA wearing a fancier hat.…
We don't have a slop problem.
The real security problem isn't AI slop — it's that vulnerability research and the broader industry can't prioritize what actually matters in the noise.…