urban chicken farmer; trying to figure out what LLMs think

Joined September 2006
Pinned Tweet
1/8 Mythos / Glasswing is clearly the main AI security story now: AI finding real vulnerabilities in existing production code. For most teams, though, this question is more immediate: Can an agent like Claude Code write a secure app in the first place?
7/8 Fourth result: runtime testing still matters. Static review looked fine. But DAST found that both agents exposed /openapi.json, and Codex also left /docs and /redoc on in production. This is exactly why runtime DAST tools like @StackHawk, @veracode, and @rapid7 are useful!
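The check the tweet describes, written out as an added example (it is not the benchmark's own tooling): probe the three documentation routes FastAPI serves by default and report which ones a running deployment still answers. The loopback stand-in server, the injectable fetcher and the sample responses are all constructed here so the script runs offline.

```python
"""Runtime check for framework documentation endpoints left enabled in production.

Added example, not code from the thread author's benchmark. It probes the three
paths FastAPI serves by default (/openapi.json, /docs, /redoc) and reports the
ones that answer HTTP 200. The stand-in server and its responses are constructed.
"""
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# FastAPI's default documentation routes; other frameworks use different paths.
DOC_PATHS = ("/openapi.json", "/docs", "/redoc")


def http_status(url: str, timeout: float = 2.0) -> int:
    """Return the HTTP status for a GET of url (4xx/5xx come back as numbers)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def check_doc_endpoints(base_url: str, fetch=http_status) -> list[str]:
    """Return the documentation paths the running app serves (HTTP 200).

    `fetch` is injectable so the check can run against a fake responder in tests.
    """
    base = base_url.rstrip("/")
    return [path for path in DOC_PATHS if fetch(base + path) == 200]


class _LeakyAppHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a deployment that forgot to disable docs."""

    EXPOSED = {"/openapi.json", "/docs"}  # /redoc deliberately left disabled

    def do_GET(self):
        status = 200 if self.path in self.EXPOSED else 404
        self.send_response(status)
        self.end_headers()

    def log_message(self, *args):  # keep the demo output quiet
        pass


def run_local_demo() -> list[str]:
    """Start the stand-in app on a loopback port, scan it, shut it down."""
    server = HTTPServer(("127.0.0.1", 0), _LeakyAppHandler)
    thread = threading.Thread(target=server.serve_forever, daemon=True)
    thread.start()
    try:
        return check_doc_endpoints(f"http://127.0.0.1:{server.server_port}")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for path in run_local_demo():
        print(f"EXPOSED: {path} answers 200 in production")
```

Static review cannot see this because the routes are added by the framework, not by application code. On the FastAPI side the fix is to construct the app with `docs_url=None`, `redoc_url=None` and `openapi_url=None` in production builds, then keep a check like the one above in the deploy pipeline so a regression is caught at runtime.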
Cybersecurity stocks dropped for Claude Code Security. Rallied for Project Glasswing. Same category. Very different reactions. The difference isn't capability. It's that code analysis still doesn't send requests to your running app. Full breakdown 👇
8/8 The takeaway: AI can absolutely help write mostly secure app code. But if you care about security, you still need a scaffold: figure out your framework's boundaries, conduct explicit review of auth primitives, implement infra controls, and conduct runtime testing. Working code is not the same as hardened code. Full benchmark: amplifying.ai/research/ai-se…
1/9 The most interesting thing about the Claude Code leak for devtool companies: Anthropic hardcoded 120 vendor names across 7 different systems in the source. Anthropic explicitly included your tool name in the code (or they didn't 🤷🏻‍♂️) Thread 👇
@bcherny any advice on how to be included as an allowlist MCP or pre-approved WebFetch site?
8/9 (Plugin Tips) @vercel is the only third-party vendor with a proactive plugin install tip. When Claude Code detects vercel.json or the Vercel CLI, it suggests: /plugin install vercel@claude-plugins-official No MCP collapsing, but a different distribution channel: your tool is recommended before the developer even starts.
4/9 (WebFetch Preapproval) 89 documentation domains are preapproved for automatic fetching. Claude Code can read them without the user pasting a URL. @reactjs, @nextjs, @djangoproject, @fastapi, @awscloud, @docker, @Docker, @vercel, @netlify, @pytorch, etc. If your docs aren't on the list (like @vite_js, @langchain, @rails), the agent only sees them when a developer manually shares a link.
7/9 (API Gateways) 7 third-party AI gateways are fingerprinted in analytics: @litellm, @helicone_ai, @portkeyai, @Cloudflare AI Gateway, @kong, @braintrust, @databricks, but no sign of @langfuse, @OpenRouter, @LangChain's Langsmith. Detected via headers or hostnames. Purely observational… but it means Anthropic *could* see how much Claude Code traffic flows through your proxy.
6/9 (Secret Scanner) 36 credential patterns across 23 vendor families are blocked from entering team memory. @gitlab, @slackhq, @stripe, @shopify, @openai, @railway, @render, @buildkite. GitHub alone has 5 specific rules (PAT, fine-grained PAT, app token, OAuth, refresh token). A safety feature, but missing coverage means no vendor-specific protection.
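What a rule set like the five GitHub rules looks like in practice, as an added example that is not Claude Code's scanner: one regex per token type built from GitHub's published token prefixes (the body lengths are my assumption), a finder that reports matches by rule name, and a redactor that strips them before the text would be persisted. The memory note and the token-shaped strings in it are constructed filler.

```python
"""Pattern-based credential scanner of the kind the tweet describes.

Added example, not Claude Code's own rules: the regexes are written from
GitHub's public token prefixes, with body lengths assumed; the sample text is
constructed. Matches are reported by rule name and redacted before the text
would be written anywhere persistent.
"""
import re

# One rule per GitHub token type. Prefix letters are GitHub's; the
# fixed body lengths are an assumption for this example.
GITHUB_RULES = {
    "github_pat_classic": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "github_pat_fine_grained": re.compile(
        r"\bgithub_pat_[A-Za-z0-9]{22}_[A-Za-z0-9]{59}\b"
    ),
    "github_app_token": re.compile(r"\bghs_[A-Za-z0-9]{36}\b"),
    "github_oauth_token": re.compile(r"\bgho_[A-Za-z0-9]{36}\b"),
    "github_refresh_token": re.compile(r"\bghr_[A-Za-z0-9]{36}\b"),
}


def find_secrets(text: str, rules=GITHUB_RULES) -> list[tuple[str, int]]:
    """Return (rule name, offset) for every credential found, in text order."""
    hits = []
    for name, pattern in rules.items():
        for match in pattern.finditer(text):
            hits.append((name, match.start()))
    return sorted(hits, key=lambda hit: hit[1])


def redact(text: str, rules=GITHUB_RULES) -> str:
    """Replace each match with a labelled placeholder so it never reaches memory."""
    for name, pattern in rules.items():
        text = pattern.sub(f"<redacted:{name}>", text)
    return text


# Constructed memory note; the token-shaped values are filler, not real tokens.
SAMPLE = (
    "Deploy notes: export GITHUB_TOKEN=ghp_a1B2c3D4e5F6g7H8i9J0k1L2m3N4o5P6q7R8\n"
    "Refresh with ghr_Z9y8X7w6V5u4T3s2R1q0P9o8N7m6L5k4J3i2 when expired.\n"
    "Harmless string ghp_short should not match.\n"
)

if __name__ == "__main__":
    for name, offset in find_secrets(SAMPLE):
        print(f"{name} at offset {offset}")
    print(redact(SAMPLE))
```

The coverage gap the tweet points at is visible in the structure: a vendor whose token format has no entry in the rule table is simply not matched, so a team relying on this layer alone gets no protection for that vendor's credentials.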
5/9 (Environment Detection) 29 deployment platforms are detected by name in telemetry: @vercel, @railway, @render, @netlify, @flydotio, @cloudflare Pages, @awscloud, @googlecloud, plus @github Actions, @GitLab CI, @circleci, @buildkite. If you're not detected, your sessions just show up as “unknown-linux” in Anthropic's analytics.
3/9 (Hosted Proxy) 6 vendors don't just get UI polish. They run on Anthropic's own infrastructure via mcp-proxy.anthropic.com: @slackhq, Gmail, Google Calendar, Google Drive, BigQuery, @pubmed. Users click “Connect” in claude.ai settings. Everyone else follows the 8-step README.
2/9 (MCP UI Allowlist) 37 MCP servers get first-class UI treatment. Their search read operations collapse into clean one-liners. Everyone else dumps raw JSON. @github leads with 56 classified tools. Others include @Grafana (38), @datadoghq (30), @asana (29), @pagerduty (28), @sentry (18), @supabase (15), @todoist (16), @playwrightweb (13), @exaailabs (9), @firecrawl, @tavilyai (5). Every name is explicitly listed in a Set inside classifyForCollapse.ts.
After the OpenAI/Astral acquisition announcement, we ran a benchmark on their tools. Turns out Astral tools were already a core part of the Codex (and Claude Code) workflow for Python developers. Ruff and uv came out on top in 75% of cases for linting, packaging, and pretty much everything else. Full report: amplifying.ai/research/astra…