University of Akron, I am in you.

Pete Kegstand rn

Ok, I'm no malware analyst but this is off the hook. It uses WHAT to infect airgapped systems?!??! https://thehackernews.com/2026/02/scarcruft-uses-zoho-workdrive-and-usb.html #malware #aircrack

If you are interested in the science community's take on artificial intelligence, Scientific American did their last issue on it. It's on kindle freebies if you get that. (I know boo Amazon but the book thing is a good deal for us and folks get paid.) […]

SPRING DAMMIT

Good morning, Mastodon. It is Friday.

Microsoft put out some threat modeling guidance for AI systems. I'll be using it. https://www.microsoft.com/en-us/security/blog/2026/02/26/threat-modeling-ai-applications/ #ai #threatmodeling

"Hey send me the link to that 2FA code you needed me to look at." ... "No, this is JavaScript, I mean the code that... Oh. Oh no ...."

Who painted overnight? Everything is so ... white.

Oh Claude. You're winning, please don't fail us now, man. https://securityaffairs.com/188508/security/untrusted-repositories-turn-claude-code-into-an-attack-vector.html #genai #vulnerability

Or maybe not.

Current models may be easier to poison than we thought? https://www.bbc.com/future/article/20260218-i-hacked-chatgpt-and-googles-ai-and-it-only-took-20-minutes #genai #training h/t Schneier

When Mistral.ai is thinking, it posts a funny little phrase and makes it change color while it's working. It says something like "baking croissants" or "contemplating the universe". The one that's showing right now is "counting the Rs in strawberry", which is the funniest self-poke I've ever […]

Can we all just come to an arrangement right here and right now that if we're going to publish things online, we put a datetime stamp on them, especially with regards to AI, which changes on an hourly basis? I requested this a long time ago for cloud. No one did it then; then it only changed on […]

This AI shit is stressing me out, man.

Bruce asks: "Is AI Good for Democracy?" https://www.schneier.com/blog/archives/2026/02/is-ai-good-for-democracy.html #ai #politics

Half cup for the recipe, the rest for the chef.

Speaking of AI. So Anthropic apparently demoed a COBOL model for their developer console. IBM's stock FELL. Why the hell does the stock market think that making it easier to code in COBOL would make IBM less valuable?

More chips for fake money. This is not looking good.

El Reg has some words about our reaction to Claude Security or whatever they call it. Musta been reading my timeline. https://www.theregister.com/2026/02/23/claude_code_security_panic/ #appsec #ai

I believe I mentioned this earlier. Someone smarter than me needs to get their head around the ramifications of this. https://www.securityweek.com/autonomous-ai-agents-provide-new-class-of-supply-chain-attack/ #agenticai #supplychain

I use this box EVERY DAY why are there 319 updates?

Everyone tell me your favourite fucked up AI story. I'm working on a talk. #genai

why is it still snowing

Apparently they have about a one-year memory. Now blocked and reported for spam.

If your dev team is doing vibe coding and using Claude, dig into this. Might be a solid part of your new SSDLC. https://thehackernews.com/2026/02/anthropic-launches-claude-code-security.html #appsec #ai

Adam wrote some words that ask: is tech a religion? https://adamthropology.ghost.io/thoughts-on-tech-agnostic-introduction-beginnings-of-seeing-tech-through-a-religious-lens/ #technology #anthropology

Attackers learned from log4shell how best to handle and target these massive scanning operations. https://www.darkreading.com/application-security/attackers-new-tool-scan-react2shell-exposure #vulnerability #cybercrime

Remember when I mentioned AI supply chain attacks earlier in the week? Well, whoops. https://thehackernews.com/2026/02/cline-cli-230-supply-chain-attack.html?m=1 #agenticai #malware

I think I mentioned that the Hellbranch is sorta high.

Honored to be giving my updated Making and Baking An Appsec Department talk at #stirtrek on May 1st. Tickets go on sale next week! And yes, we will be talking about AI. #conference #appsec

I think I'm going to start calling it a "load bearing _just_ " when someone says just in a sentence like "Why don't you just do it this way?"

Got flood? Haven't seen it this heavy in a while.

"There’s more news below, but I’m going to start today with the British royal family. It’s kind of unbelievable we were once ruled by these people." -San Sifton, NYT But is it really, Sam? Really??

Folks, it's Friday.

EFF is drawing a line in the sand with regards to inclusion in their OSS projects. But it isn't where I thought it would be. https://www.eff.org/deeplinks/2026/02/effs-policy-llm-assisted-contributions-our-open-source-projects #genai #policy

Is overtime olympic hockey the shit or what?

It is getting to the point where the only extensions I have installed are by the big vendors. Individuals way more risky. https://thehackernews.com/2026/02/critical-flaws-found-in-four-vs-code.html #vscode #vulnerability

Oh man. Bruce has some words and they are singing my tune. The code review is getting solid. https://www.schneier.com/blog/archives/2026/02/ai-found-twelve-new-vulnerabilities-in-openssl.html #genai #sast

+3;"8&594!__?£!"!&)-)::?_!_! !!! #olympics

Weirdly creepy bot. https://mastodon.social/@jenevarose43/116091776144209852

When I joke "it'll be more secure if we take the humans out of the loop" I am JOKING people. FFS. https://webmachinelearning.github.io/webmcp/ All I have to say about that is https://infosec.exchange/@Sempf/115708305268740259 #webmcp #enshitification

Over-Privileged AI Drives 4.5 Times Higher Incident Rates. Just didn't have much to add to that. https://www.infosecurity-magazine.com/news/overprivileged-ai-45-times-higher/ #ai #authorization

Bruce has some cool links here: Side-Channel Attacks Against LLMs https://www.schneier.com/blog/archives/2026/02/side-channel-attacks-against-llms.html #llm #attackvector

New by me: On Artificial intelligence https://sempf.net/post/on-artificial-intelligence #genai #amwriting