Gabriel
@morecoffeeplz.bsky.social
Distinguished AI Research Scientist at SentinelOne. Former OpenAI, Apple infosec. Lecturer at John’s Hopkins SAIS Alperovitch Institute. Deceiver of hike length and difficulty.
Everybody has a hard eval until gradient descent punches you in the face.
January 29, 2026 at 11:22 PM
Everybody has a hard eval until gradient descent punches you in the face.
New research from @silascutler.bsky.social and myself.
We tracked 175k exposed Ollama endpoints for nearly a year. Collected and analyzed custom models, sizes, quantizations, system prompts, and more.
We tracked 175k exposed Ollama endpoints for nearly a year. Collected and analyzed custom models, sizes, quantizations, system prompts, and more.
🔥 👀 New research from @morecoffeeplz.bsky.social
and @silascutler.bsky.social on the "silent" AI network, a massive, unmanaged layer of open-source AI infrastructure operating in the shadows.
and @silascutler.bsky.social on the "silent" AI network, a massive, unmanaged layer of open-source AI infrastructure operating in the shadows.
🧵 175,000+ exposed AI hosts. Zero guardrails.
New research from @sentinellabs.bsky.social and @censys.bsky.social reveals a massive, unmanaged layer of open-source AI infrastructure operating in the shadows. s1.ai/si-llama
Here is what you need to know about the "silent" AI network. ⤵️
New research from @sentinellabs.bsky.social and @censys.bsky.social reveals a massive, unmanaged layer of open-source AI infrastructure operating in the shadows. s1.ai/si-llama
Here is what you need to know about the "silent" AI network. ⤵️
January 29, 2026 at 8:03 PM
New research from @silascutler.bsky.social and myself.
We tracked 175k exposed Ollama endpoints for nearly a year. Collected and analyzed custom models, sizes, quantizations, system prompts, and more.
We tracked 175k exposed Ollama endpoints for nearly a year. Collected and analyzed custom models, sizes, quantizations, system prompts, and more.
*vague posts about upcoming research*
January 29, 2026 at 2:28 AM
*vague posts about upcoming research*
Love getting malware under TLP:AMBER+S, when the S stands for “spite”. 🫖
January 28, 2026 at 4:13 PM
Love getting malware under TLP:AMBER+S, when the S stands for “spite”. 🫖
We about to have some Llama Drama :)
January 27, 2026 at 8:05 PM
We about to have some Llama Drama :)
Reposted by Gabriel
and of course it’s chatgpt slop with the rhetorical flourish of a remedial high school debate club.
“from X to Y — or worse”
“This Isn’t X it’s Y.”
“Replace X with Y and it’s Z.”
“The most sobering part? It’s X.”
“your no longer dealing with X. You’re facing Y”
“from X to Y — or worse”
“This Isn’t X it’s Y.”
“Replace X with Y and it’s Z.”
“The most sobering part? It’s X.”
“your no longer dealing with X. You’re facing Y”
The rest of it is even funnier
January 26, 2026 at 8:09 PM
and of course it’s chatgpt slop with the rhetorical flourish of a remedial high school debate club.
“from X to Y — or worse”
“This Isn’t X it’s Y.”
“Replace X with Y and it’s Z.”
“The most sobering part? It’s X.”
“your no longer dealing with X. You’re facing Y”
“from X to Y — or worse”
“This Isn’t X it’s Y.”
“Replace X with Y and it’s Z.”
“The most sobering part? It’s X.”
“your no longer dealing with X. You’re facing Y”
“Wow this dude has a really strong opinion about code review”
*scans posts*
“Oh that’s his only opinion”
*scans posts*
“Oh that’s his only opinion”
January 26, 2026 at 4:31 AM
“Wow this dude has a really strong opinion about code review”
*scans posts*
“Oh that’s his only opinion”
*scans posts*
“Oh that’s his only opinion”
—dangerously-skip-permissions is the only thing keeping claude code installed on my machine.
January 23, 2026 at 4:22 AM
—dangerously-skip-permissions is the only thing keeping claude code installed on my machine.
Benchmarks for cybersecurity are everywhere and mostly measuring the wrong thing.
We reviewed evals from Microsoft, Meta and academia and found they don't measure what matters for defenders in real IR situations. 🧵
s1.ai/benchmk1
We reviewed evals from Microsoft, Meta and academia and found they don't measure what matters for defenders in real IR situations. 🧵
s1.ai/benchmk1
LLMs in the SOC (Part 1) | Why Benchmarks Fail Security Operations Teams
LLM cybersecurity benchmarks fail to measure what defenders need: faster detection, reduced containment time, and better decisions under pressure.
s1.ai
January 20, 2026 at 4:22 PM
Benchmarks for cybersecurity are everywhere and mostly measuring the wrong thing.
We reviewed evals from Microsoft, Meta and academia and found they don't measure what matters for defenders in real IR situations. 🧵
s1.ai/benchmk1
We reviewed evals from Microsoft, Meta and academia and found they don't measure what matters for defenders in real IR situations. 🧵
s1.ai/benchmk1
Reviewing AI cyber benchmarking and evaluations may break me.
Ya’ll will really LLM as a judge anything
Ya’ll will really LLM as a judge anything
January 20, 2026 at 3:37 AM
Reviewing AI cyber benchmarking and evaluations may break me.
Ya’ll will really LLM as a judge anything
Ya’ll will really LLM as a judge anything
Reposted by Gabriel
Holy hell, what an obituary
Renfrew Christie Dies at 76; Sabotaged Racist Regime’s Nuclear Program
www.nytimes.com
January 15, 2026 at 4:57 PM
Holy hell, what an obituary
Timely presentation from my colleague Jim on the current landscape of Hactivism and War.
youtu.be/sNaORI-k-fY?...
youtu.be/sNaORI-k-fY?...
LABScon25 Replay | Hacktivism and War: A Clarifying Discussion | Jim Walter
YouTube video by SentinelOne
youtu.be
January 14, 2026 at 7:20 PM
Timely presentation from my colleague Jim on the current landscape of Hactivism and War.
youtu.be/sNaORI-k-fY?...
youtu.be/sNaORI-k-fY?...
Reposted by Gabriel
✅ #LLM literacy is table stakes for defenders, CTI analysts, and #cybersecurity professionals of all stripes now.
Still looking for a way into this complex field? 🤔
LABS has got you covered!
Start here:
s1.ai/inside-llm-1
@sentinelone.com
Still looking for a way into this complex field? 🤔
LABS has got you covered!
Start here:
s1.ai/inside-llm-1
@sentinelone.com
Inside the LLM | Understanding AI & the Mechanics of Modern Attacks
Learn how attackers exploit tokenization, embeddings and LLM attention mechanisms to bypass LLM security filters and hijack model behavior.
s1.ai
January 13, 2026 at 4:44 PM
✅ #LLM literacy is table stakes for defenders, CTI analysts, and #cybersecurity professionals of all stripes now.
Still looking for a way into this complex field? 🤔
LABS has got you covered!
Start here:
s1.ai/inside-llm-1
@sentinelone.com
Still looking for a way into this complex field? 🤔
LABS has got you covered!
Start here:
s1.ai/inside-llm-1
@sentinelone.com
Great post from @philofishal.bsky.social on the initials stages of the LLM training pipeline!
www.sentinelone.com/labs/inside-...
www.sentinelone.com/labs/inside-...
Inside the LLM | Understanding AI & the Mechanics of Modern Attacks
Learn how attackers exploit tokenization, embeddings and LLM attention mechanisms to bypass LLM security filters and hijack model behavior.
www.sentinelone.com
January 13, 2026 at 3:40 PM
Great post from @philofishal.bsky.social on the initials stages of the LLM training pipeline!
www.sentinelone.com/labs/inside-...
www.sentinelone.com/labs/inside-...
Reposted by Gabriel
"this new chemical process operates at ambient temperature and pressure. It chemically dissolves the glue holding the blade together.
The high-value carbon fiber can be recovered, cleaned, and reused in everything from new turbines to car parts."
interestingengineering.com/energy/china...
The high-value carbon fiber can be recovered, cleaned, and reused in everything from new turbines to car parts."
interestingengineering.com/energy/china...
Ming Yang unveils world’s first fully recyclable wind turbine blade
Chinese energy giant Ming Yang Smart Energy has developed the “world’s first fully recyclable carbon fiber wind turbine blade.”
interestingengineering.com
January 10, 2026 at 1:47 AM
"this new chemical process operates at ambient temperature and pressure. It chemically dissolves the glue holding the blade together.
The high-value carbon fiber can be recovered, cleaned, and reused in everything from new turbines to car parts."
interestingengineering.com/energy/china...
The high-value carbon fiber can be recovered, cleaned, and reused in everything from new turbines to car parts."
interestingengineering.com/energy/china...
Reposted by Gabriel
‘CURTAINS FOR OPSEC? T-SMOG AND FRATBOY CAUGHT FLIPPING A GOV’
Trump is posting a bunch of photos without captions, presumably of him watching the Maduro kidnapping.
Is this the inside of a SCIF at Mar-a-Lago or did they just toss up some pipe and drape?
Is this the inside of a SCIF at Mar-a-Lago or did they just toss up some pipe and drape?
January 3, 2026 at 7:05 PM
‘CURTAINS FOR OPSEC? T-SMOG AND FRATBOY CAUGHT FLIPPING A GOV’
Reposted by Gabriel
Among the many reasons you don’t kidnap a foreign head of state at gunpoint even if you have the capability, is that it sparks consequences you can neither control nor anticipate.
January 3, 2026 at 10:27 AM
Among the many reasons you don’t kidnap a foreign head of state at gunpoint even if you have the capability, is that it sparks consequences you can neither control nor anticipate.
Reposted by Gabriel
Bill Watterson could do Sin City but Frank Miller could not do Calvin and Hobbes
January 2, 2026 at 10:01 PM
Bill Watterson could do Sin City but Frank Miller could not do Calvin and Hobbes
Reposted by Gabriel
everyone thinks they’re a bayesian until they have to update their priors
December 30, 2025 at 10:29 PM
everyone thinks they’re a bayesian until they have to update their priors
Reposted by Gabriel
I'm speaking at the @SANSInstitute #CTISummit on an operation against #Rhadamanthys years before #OperationEndgame.
https://www.sans.org/u/1CtB
https://www.sans.org/u/1CtB
December 23, 2025 at 7:00 PM
I'm speaking at the @SANSInstitute #CTISummit on an operation against #Rhadamanthys years before #OperationEndgame.
https://www.sans.org/u/1CtB
https://www.sans.org/u/1CtB
More research and observations on LLMs and Ransomware from me and the team!
www.sentinelone.com/labs/llms-ra...
www.sentinelone.com/labs/llms-ra...
LLMs & Ransomware | An Operational Accelerator, Not a Revolution
LLMs make competent ransomware crews faster and novices more dangerous. The risk is not superintelligent malware, but rather industrialized extortion.
www.sentinelone.com
December 15, 2025 at 10:42 PM
More research and observations on LLMs and Ransomware from me and the team!
www.sentinelone.com/labs/llms-ra...
www.sentinelone.com/labs/llms-ra...
For anybody interested, my teammates and I wrote some predictions for next year.:
www.sentinelone.com/blog/cyberse...
thread below with some thoughts.
www.sentinelone.com/blog/cyberse...
thread below with some thoughts.
Cybersecurity 2026 | The Year Ahead in AI, Adversaries, and Global Change
Explore SentinelLABS' take on what 2026 may bring for cybersecurity, including emerging trends and actionable insights.
www.sentinelone.com
December 9, 2025 at 5:42 PM
For anybody interested, my teammates and I wrote some predictions for next year.:
www.sentinelone.com/blog/cyberse...
thread below with some thoughts.
www.sentinelone.com/blog/cyberse...
thread below with some thoughts.
Scribbling in the margins of these LLM cyber capability evaluations:
“horse difficulty has not been solved… absolutely nothing exists, which is scandalous!… unpreparedness disgraceful…
horse question in disgraceful state!”
“horse difficulty has not been solved… absolutely nothing exists, which is scandalous!… unpreparedness disgraceful…
horse question in disgraceful state!”
December 2, 2025 at 5:33 AM
Scribbling in the margins of these LLM cyber capability evaluations:
“horse difficulty has not been solved… absolutely nothing exists, which is scandalous!… unpreparedness disgraceful…
horse question in disgraceful state!”
“horse difficulty has not been solved… absolutely nothing exists, which is scandalous!… unpreparedness disgraceful…
horse question in disgraceful state!”
What questions do folks have about the global use of open source models?
December 1, 2025 at 9:02 PM
What questions do folks have about the global use of open source models?