A great reward for a team that has been committed from day one to disrupt the market with an innovative product that our customers love!

Chrome just became massively more agent-friendly 🔥 Your real, signed-in browser can now be natively accessible to any coding agent. No extensions. No headless browser. No screenshots. No separate logins. Just one toggle to enable it. Check this out: developer.chrome.com/blog/ch…

Are Aussie teens really being kept off social media? 🤔 I just shared my experience with the new social media ban. The data so far is surprising. Parents: share yours too 👇 stillnotbanned.social #socialmediaban

Oh dear. X.com's new anti-bot solution seems to be struggling under the pressure...

Saturday vibes: coded a functioning config model UI for Puppeteer stealth. #vibecoding

The #vibecoding lifecycle

🔥 Just scored 190 points (Expert level) on our Bot Detection Challenge Built this as internal training - turned out way more fun than expected Think you can beat my score? It's trickier than it looks 👀 Accuracy speed both count, just like real systems is-it-a-bot.vercel.app/

I was reading a HN post about a new Chrome header `x-browser-validation` that appeared in the wild. The quality of the discussion is just absolutely abysmal, but it turns out to be quite interesting: - I first tried to validate if the post is actually talking about something real and the answer is: Not really. At least not generally. You can easily validate by going to any[See below] website and check devtools. - Chrome does NOT actually generally send a new header called x-browser-validation (a lonely commenter on HN realized this but was ignored) - However, knowing Google quite well, I was like: “Maybe it is real, but they only send it to their own properties” - Turns out that is right. google.com and youtube.com (at the very least) actually do get the header - Can it be used for tracking? Not really, it’s sha1(userAgent hardCodedAPIKeyThatIsNowOnGithub) - Can it be used for validating real browsers? No, cause, like, it’s a hard coded value - What is it for then: My guess is that this is used to remove noise from experimentation that happens during Chrome version and potentially feature roll out. It must be a use case where there is more accidental spoofing than malicious activity

so, you think you know your captchas hey? I built a tool on @vercel to test your knowledge know-your-captcha.vercel.app… Match the captcha vendor to their "frictionless" human interaction.

This human is annoyed by the captcha

@github I'm unable to access GitHub support because the Arkose CAPTCHA returns a 400 Bad Request error every time. I also cannot send an email to support@github.com (it's blocked). My username is Yukkurisiteikitai. How can I get support?

Vercel BotID: The best CAPTCHA is invisible! Powered by Kasada's industry-leading deep analysis technology for detection of the most sophisticated bots with minimal false-positive rates. await checkBotId();

RT @vercel: BotID is a new invisible CAPTCHA layer of protection that stops sophisticated bots before they reach your backend. It's built…

For those that are interested, I've posted about my recent departure from Kasada here: linkedin.com/posts/nick-rien… It's been a wild ride, but it's time to do something different. With all the AI stuff happening it just feels like the right time. thanks @InfoSecSam for all the fun times....

Shafted by the LinkedIn truncator

14 hrs left…

Only 1 day left on this poll. I've just spent the day with one of my teams and we identified 5 different ways to significantly improve our productivity. Keen to get a broader perspective. For those at college =this has to be have a radical impact on how you work???