Brooks
@brooksmcmillin.com
Infrastructure / AI Security Engineer
LLMs will happily remove your auth middleware if it helps them complete the task faster. I wrote up the defensive layers I actually use: pre-commit hooks, review agents, and CI that catches LLM mistakes before they ship. ~30 seconds per commit, but worth it.
brooksmcmillin.com/blog/coding-...
Defense in Depth for AI-Assisted Development: Pre-commit Hooks, Review Agents, and CI That Catch LLM Mistakes | Brooks McMillin - AI Security Researcher
Practical strategies for safer AI-assisted development: automated review agents, layered security checks, and context management that prevents catastrophic mistakes.
https://brooksmcmillin.com/blog/coding-safer-with-llms/
1 day ago
0
0
0
reposted by
Brooks
Matthew Green
11 days ago
Microsoft is handing over Bitlocker keys to law enforcement.
www.forbes.com/sites/thomas...
Microsoft Gave FBI BitLocker Encryption Keys, Exposing Privacy Flaw
The tech giant said providing encryption keys was a standard response to a court order. But companies like Apple and Meta set up their systems so such a privacy violation isn't possible.
https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/
15
444
379
reposted by
Brooks
cactuscon
27 days ago
We run a tight ship to keep CactusCon accessible, and part of that commitment is ensuring students can access CactusCon for FREE. STUDENTS! Email [email protected] from a valid student email account to request a coupon code for Eventbrite. We are so excited to have you join us!
#cc14
0
0
2
Speaking at CactusCon 14 next month! "Breaking Model Context Protocol: Back to Security Basics" - how MCP is repeating every OAuth mistake from the 2010s, and what to do about it. Feb 6, 3:30 PM. See you there.
about 1 month ago
0
0
0
Well, that's a bit awkward…
#crowdstrike
5 months ago
1
40
8
reposted by
Brooks
Matthew Green
5 months ago
Something is rotten in Denmark.
mastodon.social/@chatcontrol...
Fight Chat Control (@[email protected])
Attached: 1 image Danish Minister of Justice and chief architect of the current Chat Control proposal, Peter Hummelgaard: "We must break with the totally erroneous perception that it is everyone's c...
https://mastodon.social/@chatcontrol/115204439983078498
1
43
15
1/5 LLMs keep recommending a Python package called "huggingface-cli" that doesn't exist. A security researcher noticed this and actually created the package to demo the supply chain risk.
5 months ago
1
0
0
reposted by
Brooks
Tanya Janca | SheHacksPurple
5 months ago
Vibe Coding Will Get You Hacked! - with @davidbombal.bsky.social
https://twp.ai/9PUaq3
0
4
1
reposted by
Brooks
Ryan Mac
5 months ago
Charlie Kirk was one of the main campaigners for Ross Ulbricht's freedom, and had pushed in Trump's first term for a pardon. Ulbricht's most recent speaking engagement was in July at Turning Points USA event in Tampa where he credited for helping him.
www.nytimes.com/2025/09/07/t...
31
136
36
reposted by
Brooks
Martijn Grooten
5 months ago
If you once wrote software that continues to be used beyond its end-of-life, please don't let the domain expire. If you can't afford to keep using it, contact a local CERT or something. Otherwise, this happens; victims included dissidents and journalists
www.trendmicro.com/en_us/resear...
TAOTH Campaign Exploits End-of-Support Software to Target Traditional Chinese Users and Dissidents
The TAOTH campaign exploited abandoned software and spear-phishing to deploy multiple malware families, targeting dissidents and other high-value individuals across Eastern Asia.
https://www.trendmicro.com/en_us/research/25/h/taoth-campaign.html
0
12
6
Google is apparently going to become an APT. Will be interesting to see how that works -
cyberscoop.com/google-cyber...
Google previews cyber “disruption unit” as U.S. government, industry weigh going heavier on offense
Google says it is starting a cyber “disruption unit,” a development that arrives in a potentially shifting U.S. landscape toward more offensive-oriented approaches in cyberspace.
https://cyberscoop.com/google-cybersecurity-disruption-unit-active-defense-hack-back/
5 months ago
0
1
0
reposted by
Brooks
Damien Miller
6 months ago
openssh.com/pq.html
OpenSSH: Post-Quantum Cryptography
OpenSSH post quantum cryptography
https://www.openssh.com/pq.html
0
20
16
reposted by
Brooks
Confident Security
6 months ago
Creepers, cheaters, and privacy besiegers, you're done! Don't Record Me will be ready soon, we let you choose when AI transcribers can capture your conversation. Big thanks to @sfstandard.com for the shoutout! Sign-up link here: dontrecord.me
dontrecord.me
We don't like having our conversations recorded either. Here's a simple app to use during voice chat to stop recording and transcribing
https://dontrecord.me
0
0
1
Always fun to find more legitimate use cases of Adversarial AI like dontrecord.me which breaks AI transcribers.
dontrecord.me
We don't like having our conversations recorded either. Here's a simple app to use during voice chat to stop recording and transcribing
https://dontrecord.me/
6 months ago
0
2
0