@chainlight_io intern, team lead. Building an essential risk management platform for Web3.

Joined April 2019
Pinned Tweet
21 Aug 2022
gg
21 Aug 2022
This effectively makes # of unsolved challenges to be 0 for The Duck :) It was a fun weekend activity that allowed Theori researchers to show off their deep knowledge and strong skills in Web3 security. Thanks to @paradigm_ctf for hosting the CTF!
Juno retweeted
Can finally share the details of a really nice Redis RCE found by @xint_official back in December. IMO, the bug is really cool! In short, carefully crafting eviction parameters and blocking on a key can cause a client to self-evict during unblocking, leading to a use-after-free!
Juno retweeted
Surfaced by Xint Code — our AI vuln research platform — pointed at the kernel's crypto/ for about an hour, on a starting hunch from @5unKn0wn. Came back with CopyFail (plus others, still in coordinated disclosure). Write-up PoC (exploit): copy.fail Xint Code: code.xint.io
Juno retweeted
Patch your Linux boxes! Copy.Fail is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. Found by the teams at @theori_io and @xint_official More details below xint.io/blog/copy-fail-linux…
Apr 29

Juno retweeted
'Before [Xint security researcher @tjbecker] started working on automatic bug finding with AI, he worked on vulnerability research, finding zero days and reporting them to maintainers. He said it used to take him weeks or months to find a high-impact vulnerability in a brand-new codebase, and now it only takes hours. “I just drop the code into our AI bug-finding tool [Xint] and in a couple hours I get a report with a bunch of candidate vulnerabilities, and most of them end up checking out and being real issues,” he said. “The bar to diving into a new million-line codebase and finding a bug is so much lower than it used to be.”' Great report from @verge looking into the new era of cybersecurity, where even non-technical attackers can use AI to find the weaknesses in the apps and networks of organizations faster and at a scale never thought possible before. theverge.com/ai-artificial-i…
Juno retweeted
Join award-winning security researcher @tylerni7 on @TechstrongTV for this hands-on workshop for product security practitioners. In this workshop he will: 1) go deep into how AI-native AppSec differs from traditional tools and methods 2) share the pitfalls of poorly harnessed AI bug finding 3) and provide a demonstration of how the scaffolding (and not the model) is what will provide superior results for what product security looks like in the real world webinars.techstronglearning.…
Apr 22
💻💻📲📲🔒🔒
Big news: Samsung Electronics selected Xint as a strategic tool to overcome the limitations of traditional manual security audits and to eliminate security blind spots. Leveraging AI on top of Theori's expertise as world class hackers, Xint autonomously analyzes the structure and context of services within complex infrastructures. This allows it to identify potential penetration paths from an actual attacker's perspective, even within frequently updated hybrid cloud environments. theori.io/news/316173ae-b1aa…
Apr 20
Sounds like there's an insider? NUKE every K8s cluster 💣💣💣💣💣💣
> Rather, the attacker was able to gain access to the list of RPCs our DVN uses, compromise two of them – which were independent nodes running on separate clusters without direct connection to each other – and swap out binaries running the op-geth nodes.
Juno retweeted
. @mubix shared this on LinkedIn and thought some of you might find it useful: “A Practical Reprioritization Guide for CISOs Entering the AI Vulnerability Era” linkedin.com/posts/mubix_the…
Juno retweeted
Our AI code scanner, Xint Code, finds all 4 featured Mythos vulnerabilities (OpenBSD, FreeBSD, firecracker, FFmpeg) using its default pipeline (no custom prompts or configuration). These same scans found over 10 new vulnerabilities in OpenBSD, FFmpeg, and FreeBSD.
Anthropic is (rightfully) generating a lot of attention for Mythos’s ability to find 0days, BUT the hard problem is not whether an LLM can recognize a bug when pointed at it; it is whether a system can find the right code to examine across a 9-million-line codebase, distinguish the one real vulnerability from the hundreds of theoretical weaknesses the model will flag along the way, and deliver output a developer can act on without wasting a week on false positives. This is something Xint has been doing since our wins at AIxCC and #ZeroDayCloud last year. We wanted to see if using publicly available models with the right scaffolding would reach the same performance as the latest limited-release frontier model under **real world conditions** In this research paper not only did we find all the same bugs highlighted in Anthropic’s report, but found an additional 12 mid- to high-severity vulnerabilities not included in their public disclosures. Check out the full report here: go.xint.io/xint-mythos-appse…
Juno retweeted
Apr 14
We’re expanding Trusted Access for Cyber with additional tiers for authenticated cybersecurity defenders. Customers in the highest tiers can request access to GPT-5.4-Cyber, a version of GPT-5.4 fine-tuned for cybersecurity use cases, enabling more advanced defensive workflows. openai.com/index/scaling-tru…
Apr 13
Codex/CC don't make bad devs good, they just let them write critical bugs at 10x speed. We either need to build a machine speed bug finding tool, or we just need to start firing them.
New from our CEO @brian_pak: Coding agents are scaling software faster than security can scale review. Example: while pull requests (PRs) per author increased 20% year over year, incidents per PR increased 23.5% and change failures increased 30% over the same period. The real urgency however is just as organizations are using AI to write more vulnerable code than ever, attackers can use AI to industrialize their probes for weaknesses as well. theori.io/blog/156904
Juno retweeted
Maybe this is just because we (@xint_official / @theori_io) have been using LLMs for bug finding for ~2 years due to AIxCC so it doesn't seem so "new"? It's exciting either way, and only getting better--but there's still a lot of work on the LLM scaffolding side to be done...
FWIW, I never imagined there’d be a bug like this in one of the real “CRITICAL SOFTWARE”, Nginx. (And thought if there is, it must be a bug-door for a new PRISM project.) Disclosing more bugs soon.
Replying to @xint_official
Fun fact: We actually discovered this issue accidentally when our system reported finding a new bug in one of our old benchmarks. We were surprised to find out it was actually a #0day in NGINX! Additional coverage from @gbhackers_news gbhackers.com/f5-nginx-plus-…
I really don’t get why every agent provider just says “User clicked the consent button so everything’s working as intended. No security issue” That sounds like Google saying, “well, JavaScript can be dangerous, so maybe you just shouldn’t run it”
Naturally, the first thing we did was run it through Xint Code. Unsurprisingly, the vibe-coded app has quite a few vulnerabilities surfaced within minutes, including vuln101-level bugs (e.g. `.includes()` instead of `.startsWith()`). I guess @AnthropicAI wasn't kidding when they said "90% of the code written at Anthropic is written by Claude." What I'm really curious about is where Anthropic draws the security boundary. Claude Code asks whether you trust the workspace at the very start, and you basically can't use the tool unless you consent. From that point on, all responsibility shifts to the user. Consent once, and running Claude on a directory becomes a 0-click RCE vector in multiple ways. So maybe these aren't considered security vulnerabilities as far as they're concerned…?
Blog post with how @AnthropicAI and @OpenAI think
Took a look at the Claude code leak from yesterday, writing up thoughts on @AnthropicAI/@OpenAI’s security approaches threat models on their agents. Blog post soon.
Juno retweeted
I’m excited to let you know that the talks from [un]prompted—the AI Security Practitioner Conference—are now live on YouTube. No fluff, no hype—just real-world AI security from people actually doing the work. youtube.com/playlist?list=PL…
Mar 23
another announcement of an announcement it's gonna be exciting in a couple of days
a567d09b15f6e4440e70c9f2aa8edec8ed59f53301952df05c719aa3911687f9 👀