The cat is the Otocolobus Manul, en.wikipedia.org/wiki/Pallas… . Manul is the perfect privacy mascot. All views & opinions are my own & personal.

Joined August 2011
sergey bratus retweeted
Need a running example of a formal verification or math formalization project (using proof assistants) for my NSF CAREER. Would appreciate some public brainstorming since I am not good at examples, but having one would make my proposal way better. Thread below.
I recall a presentation from ~20 years ago wherein a colleague exposed how businesses lost customers after an automated phone tree "support solution" drove them to swearing desperation. These businesses have been sold a lemon "automation". This history seems to repeat today.
sergey bratus retweeted
Please tell your friends, four weeks before @phrack submission deadline! We also are seeking both interior and cover art. We are working with our friends at @pagedout_zine again to create a fancy interior design for our main annual release!! Be a part of hacker history!
Submissions are still open! If you've been sitting on a bug, technique, war story, weird research rabbit hole, or beautifully cursed idea: now is the time. Write something worth archiving. Phrack CFP closes June 30. More details on how to submit at phrack.org/news
Papers and slides from the 12th IEEE Language-theoretic Security & Privacy workshop are posted at the workshop web site, langsec.org/spw26/papers.htm… We hope to post videos within the next few weeks.

sergey bratus retweeted
Slides for my invited talk at @IEEESSP #langsec: "Large Language Models for Software Autospecification" - langsec.org/spw26/slides/van… joint work with @shubhamdugare and @TarunSures41845 at @TechAtBloomberg This is the new thing to pay attention to for software defense.

Twelfth LangSec IEEE Security & Privacy workshop is pleased to publish its preliminary schedule: langsec.org/spw26/program.ht… Join us on May 21 in San Francisco!

sergey bratus retweeted
The internet has survived a period where a handful of late teens and early 20s kids were the only ones that knew about pre-malloc integer overflows as a bug class, and you could "grep malloc | grep \*" to find a bug in OpenSSH. This is why I am pretty chill about Mythos.
sergey bratus retweeted
We are thrilled to announce that the workshop on Software Understanding and Reverse Engineering (SURE) is back for its second iteration, co-located with ACM CCS in The Hague! We invite the community to submit their research to SURE: sure-workshop.org/cfp/
Twelfth LangSec IEEE Security & Privacy workshop announces the panelist line-up for the Panel on LangSec and AI for formal methods: langsec.org/spw26/agenda.htm… Join us on May 21 in San Francisco!

sergey bratus retweeted
LangSec has long been a forum for discussing the industry’s next hard problems. I’m excited to contribute to the panel on LangSec and AI for Formal Methods. AI is changing how software is built, deployed, and trusted, and reshaping how we think about trust itself.
Twelfth LangSec IEEE Security & Privacy workshop announces its preliminary agenda langsec.org/spw26/abstracts.… . Join us on May 21 for two keynotes on formal methods reaching broad industry practice, a panel on AI & LangSec, and talks. Work-in-progress reports and more TBA soon.
sergey bratus retweeted
One of my favorite newer and lesser-known papers from Tony Hoare: Concurrent Kleene Algebra — opus.bibliothek.uni-augsburg… — this paper inspired me to study the algebraic approach to program and network verification. (KATs, NetKATs, algebras of incorrectness, etc.)

sergey bratus retweeted
POV: You are a security researcher looking to advance the state of the art and science in offensive security. Submit to WOOT and show us all the hacks you're cooking up 🧑‍🍳
The USENIX WOOT Conference has two submission deadlines this year! - Cycle 1: December 12, 2025 (in less than 1 month!) - Cycle 2: March 3, 2026 WOOT still has a SoK track and an "Up-and-coming track" (~Industry) Check the CFP for details: usenix.org/conference/woot26…
A curious example of misaligned defense: a recipe site aggressively profiles browsers, likely to avoid LLM crawlers. Frustrated users give up and go to ask an LLM for the recipe. So it goes.
sergey bratus retweeted
Velvet, our automated Dafny-style verifier embedded into Lean, has moved to a new repository as a standalone Lean library: github.com/verse-lab/velvet Give it a try!
sergey bratus retweeted
I must be getting old because I see people talking about “skills” and how they can be malicious and how some people are building “skill scanners” and I have a hard time understanding how we messed up so bad we made text files dangerous
sergey bratus retweeted
The damage done by fictional descriptions of cyber attack, in taking up decisionmakers' mindshare without real substance, is an incalculable cost to the employment of instruments of national power. Even more so where these fictions are spun by those purporting to some journalist proximity. All of which downplays real effects and the hard necessary business of campaigning.
A reminder that the Twelfth Language-theoretic IEEE Security & Privacy workshop's call for papers is open through Feb 13, langsec.org/spw26/ Please submit your work and join us at IEEE S&P Workshops day, May 21, 2026, in San Francisco!

sergey bratus retweeted
One thing my team learned in the past two years of building pragmatic program verifiers is that their performance matters at least as much if not more than expressivity, both for humans and AI automation. As most of programs/specs are broken initially, fast turnaround is a must.
sergey bratus retweeted
The quality of reasoning/logic progressed so quickly over the last year that things are becoming possible in many directions I was previously quite skeptical about. The only thing that matters now is context (domain-specific expertise) and the velocity of access to knowledge of new attack classes. Exploit development has always been manual, human-centric work because it requires specific expertise not frequently accessible to the public. Now, AI can figure it out independently based on existing knowledge.
Blog post: On the Coming Industrialisation of Exploit Generation with LLMs sean.heelan.io/2026/01/18/on… TL;DR: I ran an experiment with GPT-5.2 and Opus 4.5 based agents to generate exploits for a zeroday QuickJS bug. They're pretty good at it. Code: github.com/SeanHeelan/anamne…