CyberSecurity War Lord @ F200 | Strategist • Advisor • Evangelist • Consultant | Former DoD Big4 F100 | I know all the 4-digit PINs in the world | -|||——|||-

Joined December 2012
I’ll believe the future belongs to AI when multiple models stop wasting my time trying to convince me and insist FOR HOURS @pfsense is running lighttpd instead of nginx. If you’re a SME of anything, you know we aren’t anywhere NEAR “there” yet.

💯👇🏻
I keep seeing signals
- AI coding ROI being questioned
- Hallucinations in places where hallucinations matter
- Heavily subsidized subscriptions
- Banks getting nervous around AI valuations
- Margin debt near dot-com levels
- Research showing limits that don’t fit the narrative
- Governments stepping in and restricting access to frontier models
None of these things matter on their own. But they all point in the same direction. I don’t know who pulls money out first. But if expectations start breaking, it could get ugly very quickly.
𝙲𝚑𝚛𝚒𝚜 𝙾𝚕𝚒𝚟𝚎 retweeted
NightBeacon's Scout Forge - runs twice a day to improve model confidence, training data, new detection rule sets, better parsing of log data. All automatically. Working so good... #BinaryDefense
𝙲𝚑𝚛𝚒𝚜 𝙾𝚕𝚒𝚟𝚎 retweeted
NIST has a useful paper on AI guardrails. The takeaway is that static guardrails are the wrong security model for open-ended LLM systems. A finite set of rules cannot cover every adaptive prompt. You can harden the system, make bypasses harder, monitor for abuse and reduce the blast radius. But you should not patch an LLM once, add a few refusal rules and call it done. LLM security needs to look more like vuln research and detection engineering: continuous testing, continuous updates and an assumption that bypasses will eventually be found. nist.gov/news-events/news/20…
𝙲𝚑𝚛𝚒𝚜 𝙾𝚕𝚒𝚟𝚎 retweeted
Less coding. Faster delivery. Smarter government services. Low-code is helping IT teams reduce backlog, speed up development and focus on bigger priorities. Learn more. cdw.social/4eqKDwU #GovernmentIT
When “Oh wow?! You’re right?!” is coming from me more than it’s coming from AI, then we can talk.
𝙲𝚑𝚛𝚒𝚜 𝙾𝚕𝚒𝚟𝚎 retweeted
Andddd those companies will decline slowly over time. Short gross profit increase - delayed customer satisfaction hitting long term revenue
BREAKING: AI replaced over 38,000 jobs in May alone
𝙲𝚑𝚛𝚒𝚜 𝙾𝚕𝚒𝚟𝚎 retweeted
How plumbers sleep during the AI revolution…
𝙲𝚑𝚛𝚒𝚜 𝙾𝚕𝚒𝚟𝚎 retweeted
Introducing a new side project called Model Regression. It tests daily Claude, GPT, and Grok on various benchmark statistics to determine how well it's performing and to identify model degrades over time. @edskoudis had an idea for model testing before they conducted offensive testing to ensure the model was performing as expected, and @BlasikRandy pushed me down this road with actually going and doing it. The main intent here is the frontier models will experience outages, issues, bugs, intentional/unintentional nerfing of the models without notice. You can't typically trust day to day activities in these models for stability, so leveraging this on your daily routine to see how well the model is performing for that day is something I'll be using everyday. Runs every morning in my DGX sparks environment and automatically updates with how well it's performing. Enjoy! modelregression.com/ Also open-sourced the project, can run on your own server as well and look at the benchmarks and how they are calculated: github.com/HackingDave/model…
It's the 21st century @WestJet. You don't build a new rewards program by turning off the old one and leaving customers stranded. You stand up the new one side by side and daily migrate new customers until the new is ready then do a cut over. Please pass along to your CIO.

THIS
Deploying agentic AI on outdated #Infrastructure? “That’s like building Ferraris and trying to drive them on a dirt road full of potholes.” See why CDW's Nathan Cartwright says infrastructure readiness matters. cdw.social/4o3meAG
𝙲𝚑𝚛𝚒𝚜 𝙾𝚕𝚒𝚟𝚎 retweeted
So we going back to the milw0rm days with str0ke I see..
‼️🚨 BREAKING: Another researcher skipped coordinated disclosure entirely and dropped a critical 1-click GitHub token theft in public because he doesn't want to deal with MSRC. In his own words: "I really don't want to deal with MSRC on VSCode bugs." The bug: just clicking a link can hand an attacker a GitHub token that reads AND writes to all your repos, including private ones. It lives in github[.]dev, GitHub's browser-based VSCode editor, which passes the browser an OAuth token that isn't scoped to a single repo. That token can touch everything you can. Researcher Ammar Askar found that VSCode's sandboxed "webviews" leak keyboard events to the main editor. A malicious repo opened via one link can simulate keystrokes, install a local extension that skips VSCode's publisher-trust check, and exfiltrate your token. He published a working proof-of-concept. He says when he reports github[.]dev bugs, GitHub tells him they're out of scope and to go report to MSRC, and a prior VSCode bug he reported was silently fixed with no credit. One commenter summed up the mood: "MSRC has turned into Feedback Hub."
𝙲𝚑𝚛𝚒𝚜 𝙾𝚕𝚒𝚟𝚎 retweeted
War, AI, semiconductors, cyber, and supply chains are no longer separate conversations. 📽️In a recent @TEDx Palo Alto Talk, @DAlperovitch examines the Cold War between the U.S.-China & why Taiwan sits at the center of the geopolitical balance of power youtube.com/watch?v=sbJV7UZx…
😂😂😂
Boarding this morning’s flight with my emotional support trout…
Uber burned through their entire 2026 AI budget in four months. Their board wasn't happy. Half the dev teams in this country are one quarter away from the same problem. CostHawk shows the AI spend driving your roadmap and what's drifted elsewhere. Before the board asks.
𝙲𝚑𝚛𝚒𝚜 𝙾𝚕𝚒𝚟𝚎 retweeted
Complete nonsense. Jensen gets it. More work, not less, and damn is it cool and exciting!
Nvidia CEO Jensen Huang responds to claims that AI is taking jobs: "People are talking about AI decreasing jobs, it's complete nonsense."
Amazon joins Microsoft in sending shocking message to employees < It amazes me how cos can’t figure out that as soon as you create a ranking system, emps move to game and “ballot stuff” the system. It’s HORRIBLE (and meaningless) incentive. apple.news/AwyLu_JeaQLWNix2h…
𝙲𝚑𝚛𝚒𝚜 𝙾𝚕𝚒𝚟𝚎 retweeted
One of the first things federal agencies need to understand is that AI agents must be treated like identities in the environment. Learn why #AccessGovernance and continuous monitoring are essential. cdw.social/4uIEcuC