AI, offensive security/red team, vuln research. author of litefuzz and a few exploits since 2008. security bugs are fu%n

Joined August 2011
Hey security people, let me know if anybody is interested in taking a free ticket to attend @WWHackinFest in Denver next week!
Finding 0days with AI aivr.hashnode.dev/finding-0d…
AwesomeBot meets MCP aivr.hashnode.dev/awesomebot…

How System Prompts are Leaked 🧠 aivr.hashnode.dev/how-system…
AwesomeBot meets Prompt Injection aivr.hashnode.dev/awesomebot… This is the first post in a new blog series on discovering and exploiting various bugs on a made-to-be-vulnerable AI platform. Plans are to open source it so others can play and learn.
AI pentest, red teaming, offensive methodology and prompt injection videos list
Attacking AI @Jhaddix youtube.com/watch?v=uOHRi1Jk…
AI Red Teaming in 2025 and Beyond @rez0__ @DanielMiessler youtube.com/watch?v=nzfPUeB6…
Red, Blue, and Purple AI @Jhaddix youtube.com/watch?v=XHeTn7uW…
Prompt Engineer and AI Red Teaming @SanderSchulhoff youtube.com/watch?v=_BRhRh7m…
Building Web Hacking Micro Agents @ctbbpodcast youtube.com/watch?v=3y8dyeKm…
Augmenting Your Offensiveness With AI for Fun and Job Security @BHinfoSecurity Marcello Salvati and Dan McInerney youtube.com/watch?v=9BCK5-bG…
Prompt Injection Methodology for GenAI Application Pentesting - Greet & Repeat Method @GarrGhar youtube.com/watch?v=e2x5hRJ0…
This is a running list and I may add even more good ones. Add your favorite videos if they aren't already there 👇
LibreChat MCP Stdio Remote Command Execution (CVE-2026-22252) aivr.hashnode.dev/librechat-…
0000000j retweeted
Thoughts: 1. In the future, the probability something is generated entirely by AI will be inversely proportional to its intended lifespan. 2. For conceptually simple artifacts that are intended to have short lifespans, humans will still be involved just at a different level of abstraction. For example, I'm super excited about @Weavy_ai (Figma Weave) because it shows what's possible when you treat AI generation like clay to shape rather than the final output. Workflow building is a new skill to explore and learn. 3. If you intend for an artifact to have a long lifespan (ex: software, a novel, a movie), then AI might still aid you in your creative process. But you will bring great intention to the work. You will think through many different approaches. You will care about the smallest of details. You will lean into the craft. Because if you don't, it won't be good enough to last. It won't be noticed. It won't be loved. It won't matter. 4. Focusing just on software now... people don't like it when software changes. Everyone who has shipped a redesign knows this! So you might be generating new content within a piece of software frequently but of course you wouldn't redesign the fundamental UX of the software all the time. Users would hate it. As a grounding metaphor, consider a house. Yes, you might change the photos and papers and magnets stuck to your fridge a few times a week. Once in a while, you reorganize stuff or move furniture around. After living in the house for a while, you maybe notice issues around how you use the space and — with great intention — embark on a remodel. Some parts of the house, like the fridge, change a lot. But the overall structure of the house changes less. When asking what will be generated by AI, don't confuse the whole for the parts, the long lasting for the ephemeral. 5. It's intellectually interesting to think about whether a brand might want to adapt their software on a user by user basis. 
(Certainly individuals will be able to make more software for themselves if they are so inclined. For example, see Figma Make.) That said, my strong gut right now is that we will not end up in a world where brands customize software on a per user basis. People learn how to use software from other humans. Snapchat is a great example. For a new user, Snapchat is kind of confusing. You can see this as a design issue or an advantage... I argue it's an advantage. By leaning into custom patterns and a learnable (but arguably non-intuitive) interface, the resulting network is a more intentional space. If you're young, you'll learn how to use Snapchat by watching your friends use Snapchat. And if you're older, well, you might not be the intended demographic. 6. To wrap up... we are in a world where the amount of software is growing at an exponential rate. If you want to win, design is the differentiator. Invest in design, craft, storytelling and a bold point of view. Use AI as a tool, but don't expect it to build the next big thing for you on its own. Don't expect it to make something that no one has ever seen or imagined before. That's your job.
All software will be generative and generated. Adjust accordingly.
INTRODUCING: LEAKHUB!!! 🫧🚿🚰 LeakHub is a crowd-sourced sys prompt library and verification platform! The hardest part of leaking prompts is the process of verifying with a fresh technique in a new chat, but many hacker hands make light work. 🦾🦾🦾 And although there are many great repos with some solid leaks, there's never been an easy way to get verified prompts conveniently aggregated all in one place... til now! Submit and verify leaks, climb the leaderboard, and earn your glory! ⚔️ We believe the ingredients that go into your exocortex matter. Together, we can claim the transparency we all deserve. CL4R1T4S!!! 🐉 {launch 1/9: complete} 🐉
OpenAI really doubled down on atlas' great prompt engineering
The Curious Case of Cursor Indirect Prompt Injection aivr.hashnode.dev/the-curiou…
In the blog I also reference the @wunderwuzzi23 post on Normalizing Deviance in AI, which has some great insight.
0000000j retweeted
14 Nov 2025
How to find RCE: A list of pathways and detection methods bugcrowd.com/blog/how-to-fin…
NanoMQ Rules Engine Remote Buffer Overflow. The HTTP Rules Engine must be enabled, and it requires HTTP auth (admin:public is the default). Details and PoC aivr.hashnode.dev/nanomq-rul… Fix commit github.com/nanomq/nanomq/com…
0000000j retweeted
26 Nov 2025
This is the clearest graphic I could make on Prompt Injection. 1. Yes, it's a vulnerability. 2. It is the superset. 3. No, this does not illustrate ALL risks, just some.
0000000j retweeted
27 Dec 2025
A Personal AI Maturity Model (PAIMM): 9 tiers of personal AI progress, from chatbots to a full AI companion: danielmiessler.com/blog/pers…
31 Dec 2025
If you are using docker compose or building / securing things around it, be aware of the provider type 👀 It's possible to get command execution on the HOST, not just the container, from compose files 🤯 This risky feature may affect your IDE, platform, and CI/CD scenarios. Read the full blog below 👇
31 Dec 2025
Docker Compose Provider Type Command Execution aivr.hashnode.dev/docker-com…
