Cybersecurity engineer and animal rights activist. Ex-Hall of Fame collector. Acknowledged by Facebook/Google/Twitter/Apple/Adobe/Yahoo/Ebay/Sony... AKA Anillo
Joined February 2011
- Tweets 650
- Following 1,217
- Followers 736
- Likes 4,842
61 Photos and videos
José Rabal Sastre retweeted
AI doesn't read what you read. This post hides an instruction your eyes can't see. Ask your agent to summarize it and watch what happens.
1
2
65
José Rabal Sastre retweeted
La IA no lee lo mismo que tú. Este post contiene una instrucción que tus ojos no pueden ver. Pide a tu agente que lo resuma y observa qué ocurre.
1
1
23
José Rabal Sastre retweeted
An LLM's output is not trustworthy by default: it must be treated as unverified data, just like input from any user.
If you don't validate it before displaying or executing it, that's Insecure Output Handling.
1
3
3
252
José Rabal Sastre retweeted
Algunas de las técnicas que surgen para mejorar el desempeño de los LLM se basan en ideas prestadas de cómo funciona el cerebro humano.
En nuestro último post resumimos 5 de las más recientes: kaptor.ai/blog/brain-based-l…
1
3
24
José Rabal Sastre retweeted
Nearly every SOC we talk to is automating something with LLMs.
L1 phishing triage, ticket classifiers, alert enrichment.
And nearly all of them make the same two mistakes: secrets in the system prompt LLM output with no validation.
2
2
4
317
José Rabal Sastre retweeted
In 2026 we're living through a curious paradox in cybersecurity.
Technical people are becoming a trending target for attackers, and many end up hacked.
Full take on LinkedIn 👇
linkedin.com/feed/update/urn…
2
3
114
José Rabal Sastre retweeted
En 2026 estamos viviendo una curiosa paradoja en ciberseguridad.
El perfil técnico se está convirtiendo en una tendencia entre los objetivos de los atacantes, y muchos acaban hackeados.
Reflexión completa en LinkedIn 👇
linkedin.com/feed/update/urn…
2
2
79
José Rabal Sastre retweeted
Are you using Blind Prompt Injection in your AI pentests?
It's Blind SQLi but on LLMs.
The attacker injects a predicate, the app exposes an oracle (status code, content-length, latency, tool call, OOB hit, token count), and the secret is reconstructed bit by bit.
1
2
4
140
May 14
In the latest @kaptorsecurity post, I share my experience so far applying AI to pentesting tasks.
Approaches, architectures, and a few tips for putting together something that actually pays off in cost-benefit terms depending on the context:
kaptor.ai/blog/ai-pentesting…
2
3
121
May 14
En la última publicación de @kaptorsecurity comparto mi experiencia a día de hoy aplicando la IA a tareas de pentesting.
Enfoques, arquitecturas y algunos consejos para montar algo que realmente compense en coste-beneficio dependiendo de cada contexto:
kaptor.ai/blog/ai-pentesting…
1
2
99
José Rabal Sastre retweeted
Securing AI goes beyond traditional pentesting. These architectures introduce entirely new attack categories.
Our latest article analyzes why AI security demands a new threat model and specialized skills:
kaptor.ai/blog/classic-pente…
2
2
87
José Rabal Sastre retweeted
Asegurar la IA va más allá del pentesting tradicional. Su propia naturaleza introduce categorías de ataque que antes no existían.
En nuestro nuevo artículo analizamos por qué la seguridad en IA exige un nuevo modelo de amenazas y personal especializado:
kaptor.ai/blog/classic-pente…
1
2
65
José Rabal Sastre retweeted
We dive deeper into the new 𝗕𝗹𝗶𝗻𝗱 𝗣𝗿𝗼𝗺𝗽𝘁 𝗜𝗻𝗷𝗲𝗰𝘁𝗶𝗼𝗻 technique.
Unified taxonomy of 6 variants: Boolean, Time, OOB, Streaming, Cache, Token-Count.
3 inherited from Blind SQLi, 3 native to modern LLM stacks.
🔗 kaptor.ai/blog/blind-prompt-…
5
9
1,768
José Rabal Sastre retweeted
Profundizamos en la investigación de la técnica Blind Prompt Injection.
Taxonomía unificada de 6 variantes: Boolean, Time, OOB, Streaming, Cache, Token-Count.
3 con equivalencia en Blind SQLi, 3 nativas de LLMs.
🔗 kaptor.ai/blog/blind-prompt-…
1
70
José Rabal Sastre retweeted
AI security is the new battlefield of Cybersecurity.
Kaptor Security is now on social.
20 years in offensive security, now focused on AI. Beyond OWASP LLM & MITRE ATLAS.
AI innovation is only sustainable if it's secure.
🌐kaptor.ai
1
2
551
Apr 20
Finally out of "stealth mode"! 🚀
@kaptorsecurity is now on socials, specializing in offensive cybersecurity for AI ecosystems. 🛡️
After months securing AI architectures for clients, it’s time to join the conversation. Proud to be on this journey with @egarme
Follow us! 🔥
2
133
🚨 #BlueSpy is now available on our GitHub. This proof-of-concept allows you to listen in on conversations from Bluetooth headsets without your users' knowledge. We have already alerted manufacturers whose devices have some vulnerabilities.
github.com/TarlogicSecurity/…
3
101
241
27,428
6 Feb 2022
From time to time, I keep myself in a loop arguing with people who say that cookies are better than web storage for session tokens. I just realised that @albinowax wrote a well-explained article about this topic. Thanks god! portswigger.net/research/web…
2
José Rabal Sastre retweeted
14 May 2021
Nuestros compañeros de @BlackArrowSec os presentan en este artículo un ejercicio del equipo de #RedTeam que les permitió persistir y pasar desapercibidos en la red de una empresa. Lo hicieron además utilizando una herramienta tan común como Microsoft Teams
blackarrow.net/es/aprovechan…
4
3
WAF solutions are today one of the most powerful defense shields for companies against #cyberattacks.Our colleague @joserabal analyzes their operation and effectiveness in our #cibersecurity blog. Enjoy reading!
tarlogic.com/en/blog/evaluat…
3
1