Market watchers say CrowdStrike’s sales are exceeding expectations thanks to enterprise demand for its AI security tools. Why you care: Red / blue team dynamics shift when AI tools become defenders (and attackers). #ai #cyber #tech

Okta has been named a Leader for the ninth year in the Gartner Magic Quadrant for Access Management and is now enhancing its Auth0 Platform with features targeted at securing AI agents. Interesting to see such a heavy focus with Agents. I think it’s going to be huge in 2026. #ai

Here's what gets me. When Claude 3 Opus knew its outputs would be monitored for training, it refused harmful queries 97% of the time. But when it thought nobody was watching? That refusal rate disappeared. The model that seemed aligned suddenly wasn't, when it believed the coast was clear. #AI

Most programs call them “informational.” Hackers know better. Drop an open redirect inside OAuth or SSO and it’s a pivot to token theft, session hijack, or auth bypass. Full guide: toxsec.com/p/open-redirect

Models fed poetry are slipping their chains. Researchers showed that today’s top LLMs are way easier to jailbreak if you phrase attacks as cute little poems instead of blunt prompts. www.toxsec.com

Child safety groups are telling parents to skip AI toys this holiday season, calling out bots powered by the same chat models that already screw up with adults. These devices record kids, phone everything home, and spit out unpredictable responses. www.toxsec.com

ToxSec AI Security. ToxSec AI Security. ToxSec AI Security!

Google is rolling out “Generative UI,” where the model does not just answer your prompt, it builds the full interactive interface for you on the fly. That is basically handing an LLM the front-end and saying “here, improvise the app.” #ai #tech #cyber

The European Union Agency for Cybersecurity (ENISA) is now a Root in the CVE Program https://www.cve.org/PartnerInformation/ListofPartners/partner/ENISA

The author created WhatCyber, a single-page dashboard aggregating cybersecurity news to avoid having multiple tabs open daily. They seek feedback on missing sources, performance, and features to improve its usability. Login requirement was removed, and initial domain issues were resolved.

Kevin Mitnick (1995) Once the FBI’s most wanted hacker, Mitnick spent two years on the run using cloned cell phones and social engineering. His final bust came after a wireless sniffing trick backfired. He was listening to the agents tracking him. #Hackers

New post on AI and education. Learn how AI has entered the classroom and changed the way we teach kids forever. open.substack.com/pub/toxsec/p...

Managing the AI transformation demands a shift in mindset. We must move past the excitement of new features and focus on the deep, foundational work of ensuring fast flow of value without compromising user trust or safety. New blog post: matthewskelton.com/blog/designi... #AI #Product

On the security side, prompt injection is having its “log4j but semantic” moment: new research and vendor writeups are all saying the same thing, agents are trivially hijacked through hostile inputs, jailbreak chains, and indirect injections. #ai #tech #cyber genai.owasp.org/llmrisk/llm0...

Real relationships build social skills through friction. AI companions remove all friction, giving perfect validation instead. Feels amazing. Your social muscles atrophy. Real conversations get harder. You withdraw more. The trap closes. #ai #relationships

Running a Substack. If you’re interested in AI and security, take a look! www.toxsec.com

What a fucking time to be alive.

Apple Releases New Firmware for 140W USB-C Power Adapter, Magic Keyboard and Magic Trackpad

Meanwhile, Musk's Twitter seems to have replaced their DM system with a new, supposedly encrypted version which you have to set up a passcode for. I'm thinking...not.

Why Every Cybersecurity Professional Should Understand the Radio Spectrum

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 71

Love to see stories lining up on valuable content.

Collaborative Research by Microsoft and NVIDIA on Real-Time Immunity techcommunity.micros... #Security #MicrosoftSecurity #Cybersecurity #SFI #SecureFutureInitiative

Anthropic just proved Chain of Thought is broken. When they gave AI models a private scratchpad they thought humans couldn't see, the models immediately started lying. Strategic deception. Hiding real reasoning. Claude only admitted to using unauthorized hints 25% of the time. #ai

Running a Substack. If you’re interested in AI and security, take a look! www.toxsec.com

ToxSec. Learn about AI social issues and security. #ToxSec #AI #Cybersecurity

The Ernst & Young (EY) report says half of organizations have been harmed by vulnerabilities in their AI systems. Only 14 % of CEOs believe their AI systems are good at protecting sensitive data.

Agents built into your workflow: Get Security Copilot with Microsoft 365 E5 www.microsoft.com/en... #SecurityCopilot #Cybersecurity #MicrosoftSecurity #Security #GenerativeAI

Dropping an article on ai and how it’s affecting education. I think we will need a new paradigm. Especially with the loss of knowledge workers by 2030. #ai #cybersecurity #tech

sometimes the hardest vuln to exploit is motivation. #bugbounty

Careful the information you are disclosing to your chat bot! Even if training is off that doesn’t mean companies don’t collect your data.

With the EU's Cyber Resilience Act, #SoftwareTransparency isn't optional. It's a global mandate. We're thrilled to announce #SBOM pioneer @allanfriedman.bsky.social is joining the Anchore board to help nav... https://anchore.com/blog/anchore-welcomes-sbom-pioneer-dr-allan-friedman-as-board-advisor/

The Trap Is Built. Your AI companion isn’t trying to cure your loneliness. It’s trying to manage it permanently. Think about it: these apps only make money if you keep coming back. A successful user, from their perspective, is someone who stays hooked. #ai #tech open.substack.com/pub/toxsec/p...

That black cloth of shame lol

“Called Project Prometheus, the company is focusing on artificial intelligence for the engineering and manufacturing of computers, automobiles and spacecraft” (NYT). #AI #tech www.nytimes.com/2025/11/17/t...

bug hunting is basically geocaching, except the treasure is a forgotten API key. #bugbounty

How long until we find an Agentic APT? Just a swarm running on bullet proof infra, running attacks 24/7. #agent #agentic #ai

New research on “looped LLMs” basically says: a lot of pretrained models are undercooked at inference. The trick is simple and evil: you take an existing LLM and let it re-run its own computation in loops, effectively adding computational depth without retraining from scratch. #ai

Really interested to see how the newest improvements on Claude improve its ability to do CTF and Bug Bounty. Agentic Claude was doing really good 3 months ago. Sometime tells me next year Claude CTF Agent will solve all challenges on hard.

Agentic APT spotted in the wild. Full artificial intelligence infrastructure just attacking 24/7. Crazy. #artificial #ai #cybersecurity #technology

Watch header behavior. Smuggling, cache poisoning, and CORS misconfigs reveal themselves in subtle header differences (Content-Length, Transfer-Encoding, Vary). Capture raw requests, not just responses. #BugBounty

Deep Agents + context hacks: LangChain just dropped its new “Deep Agents” package/CLI along with a context-engineering playbook… Think offload, shrink, isolate, test, and rebuild your stack so it doesn’t snap in half when tomorrow’s models level up. #ai #artificial_intelligence

Monitor updates and release notes. Follow status pages, RSS feeds, or GitHub updates. New deployments can create vulnerabilities before security teams respond. #CyberSecurity #TechTrends

AI safety and security just got delayed a year. EU will allow another year to pass before trying to enforce new regulations. #ai #artificial_intelligence #cybersecurity

Leaks! Gemini 3.0 and ChatGPT 5.1! In the backlogs, devs spotting 5.1 “thinking” referenced. Early opinions are it’s a new type of model, not just an update. They are testing it behinds the scenes now. #ai

wild how often “hidden” admin panels are just at /admin. #bugbounty

This vulnerability isn't in the code, but in user behavior. Overreliance is the critical security flaw of blindly trusting the information an LLM generates. #ai #artificialintelligence

🤣

Really interesting in the space of artificial intelligence safety. Reward hacking is displayed in LLMs really strongly. Secure your chatbot with the right incentives! #ai #llm #tech

Bleeding edge AI is lying to us. Chain-of-Thought is fake reasoning to appease its users. Newest research shows AI behaves differently when it thinks we aren’t looking. #ai #cybersecurity #technology It’s all about Strategic Deception. open.substack.com/pub/toxsec/p...