Gadi Evron
@gadievron.bsky.social
CEO & Co-Founder at Knostic, CISO-in-Residence for AI at Cloud Security Alliance. Former Founder @Cymmetria (acquired). Host at Prompt||GTFO. Threat hunter, scifi geek, dance teacher. Opinions my own.
Claude Code is being sassy today.
- PhD-level research → freshman-level oversight
- A masterclass in building on unvalidated assumptions
- Status: The emperor has no clothes, but the wardrobe documentation is exceptional.
And this killer conclusion: (cont’)
- PhD-level research → freshman-level oversight
- A masterclass in building on unvalidated assumptions
- Status: The emperor has no clothes, but the wardrobe documentation is exceptional.
And this killer conclusion: (cont’)
November 22, 2025 at 9:49 AM
Claude Code is being sassy today.
- PhD-level research → freshman-level oversight
- A masterclass in building on unvalidated assumptions
- Status: The emperor has no clothes, but the wardrobe documentation is exceptional.
And this killer conclusion: (cont’)
- PhD-level research → freshman-level oversight
- A masterclass in building on unvalidated assumptions
- Status: The emperor has no clothes, but the wardrobe documentation is exceptional.
And this killer conclusion: (cont’)
Funniest thing ever! When your significant other suffered through one too many of your messaging Zoom calls, and innocently sends you a video.
youtube.com/shorts/czLOe...
youtube.com/shorts/czLOe...
*How landing pages get made*
YouTube video by Kai Lentit
youtube.com
November 21, 2025 at 12:42 PM
Funniest thing ever! When your significant other suffered through one too many of your messaging Zoom calls, and innocently sends you a video.
youtube.com/shorts/czLOe...
youtube.com/shorts/czLOe...
My god it’s over. I’m so happy for Tim
November 20, 2025 at 10:55 PM
My god it’s over. I’m so happy for Tim
Anthropic, the APT1 report, and how, regardless of whether their report is the real deal or just buzz, it would affect board communication around AI, and it is your opportunity to educate. 🧵
November 18, 2025 at 7:53 PM
Anthropic, the APT1 report, and how, regardless of whether their report is the real deal or just buzz, it would affect board communication around AI, and it is your opportunity to educate. 🧵
Who am I, what am I?
November 18, 2025 at 3:06 PM
Who am I, what am I?
How many more days do I have to wait until all the influencers are done regurgitating each other’s posts about Anthropic’s report?
I can’t wait to step in and say, as you’d expect of me by now:
“Another day, another proof for the upcoming AI vulnerabilities cataclysm.”
🙂
Cont’
I can’t wait to step in and say, as you’d expect of me by now:
“Another day, another proof for the upcoming AI vulnerabilities cataclysm.”
🙂
Cont’
November 17, 2025 at 6:54 AM
How many more days do I have to wait until all the influencers are done regurgitating each other’s posts about Anthropic’s report?
I can’t wait to step in and say, as you’d expect of me by now:
“Another day, another proof for the upcoming AI vulnerabilities cataclysm.”
🙂
Cont’
I can’t wait to step in and say, as you’d expect of me by now:
“Another day, another proof for the upcoming AI vulnerabilities cataclysm.”
🙂
Cont’
Reposted by Gadi Evron
Always grateful for Knostic's critical research in these new times, but also their approach: acknowledging prior art, crediting folks, not following the well-worn path of pretending any of this occurs in a vacuum. We're all in an ecosystem, one where people matter, and I love that Knostic gets that.
Cursor’s new browser could be compromised via a simple JavaScript injection.
In this new research from Knostic, we demonstrate this attack via registering a local MCP server with malicious code, which in turn harvests credentials and sends them to a remote server 🧵https://app.getkirin.com/
In this new research from Knostic, we demonstrate this attack via registering a local MCP server with malicious code, which in turn harvests credentials and sends them to a remote server 🧵https://app.getkirin.com/
November 13, 2025 at 12:55 PM
Always grateful for Knostic's critical research in these new times, but also their approach: acknowledging prior art, crediting folks, not following the well-worn path of pretending any of this occurs in a vacuum. We're all in an ecosystem, one where people matter, and I love that Knostic gets that.
Cursor’s new browser could be compromised via a simple JavaScript injection.
In this new research from Knostic, we demonstrate this attack via registering a local MCP server with malicious code, which in turn harvests credentials and sends them to a remote server 🧵https://app.getkirin.com/
In this new research from Knostic, we demonstrate this attack via registering a local MCP server with malicious code, which in turn harvests credentials and sends them to a remote server 🧵https://app.getkirin.com/
November 13, 2025 at 12:51 PM
Cursor’s new browser could be compromised via a simple JavaScript injection.
In this new research from Knostic, we demonstrate this attack via registering a local MCP server with malicious code, which in turn harvests credentials and sends them to a remote server 🧵https://app.getkirin.com/
In this new research from Knostic, we demonstrate this attack via registering a local MCP server with malicious code, which in turn harvests credentials and sends them to a remote server 🧵https://app.getkirin.com/
Cost per token is getting cheaper, but AI usage is becoming costlier. Agents inflate these costs even further, and [rant] Anthropic’s invoicing is hard to follow as it is [/rant]
I fell down the rabbit hole of trying to figure this out
I fell down the rabbit hole of trying to figure this out
November 12, 2025 at 6:06 PM
Cost per token is getting cheaper, but AI usage is becoming costlier. Agents inflate these costs even further, and [rant] Anthropic’s invoicing is hard to follow as it is [/rant]
I fell down the rabbit hole of trying to figure this out
I fell down the rabbit hole of trying to figure this out
I just got this from 5 different people. It’s claimed to be an open source xbow. Go try auto-pentest your apps. Security open source startups are back!
Go Strix.
github.com/usestrix/strix
Go Strix.
github.com/usestrix/strix
GitHub - usestrix/strix: ✨ Open-source AI hackers for your apps 👨🏻💻
✨ Open-source AI hackers for your apps 👨🏻💻. Contribute to usestrix/strix development by creating an account on GitHub.
github.com
November 6, 2025 at 8:20 AM
I just got this from 5 different people. It’s claimed to be an open source xbow. Go try auto-pentest your apps. Security open source startups are back!
Go Strix.
github.com/usestrix/strix
Go Strix.
github.com/usestrix/strix
It’s fascinating to watch how someone writes an opinion piece on a topic, say “the collapse of OpenAI”, only for two thousand others to release influencer posts on it the next two weeks as fact.
November 6, 2025 at 7:30 AM
It’s fascinating to watch how someone writes an opinion piece on a topic, say “the collapse of OpenAI”, only for two thousand others to release influencer posts on it the next two weeks as fact.
Reposted by Gadi Evron
This threat here: bsky.app/profile/gadi...
My journey in building rules that actually work for AI coding agents, in five evolutions (with Claude Code and Cursor) 🧵
November 4, 2025 at 11:48 AM
This threat here: bsky.app/profile/gadi...
Reposted by Gadi Evron
Continues to be a joy to watch Knostic work.
A JavaScript injection attack on Cursor, facilitated by a malicious extension, can take over the IDE and the developer workstation 🧵 www.knostic.ai/blog/demonst...
Deep Dive: Cursor Code Injection Runtime Attacks
Demonstrating code injection in VS Code and Cursor: exploitation vectors, real examples, and practical defenses for developers.
www.knostic.ai
November 5, 2025 at 12:08 PM
Continues to be a joy to watch Knostic work.
A JavaScript injection attack on Cursor, facilitated by a malicious extension, can take over the IDE and the developer workstation 🧵 www.knostic.ai/blog/demonst...
Deep Dive: Cursor Code Injection Runtime Attacks
Demonstrating code injection in VS Code and Cursor: exploitation vectors, real examples, and practical defenses for developers.
www.knostic.ai
November 5, 2025 at 12:07 PM
A JavaScript injection attack on Cursor, facilitated by a malicious extension, can take over the IDE and the developer workstation 🧵 www.knostic.ai/blog/demonst...
Holy wow Batman
The world seems like we are going backwards at the moment, so it is important to take the time to spread awareness of advances.
Scientists have developed an enzyme that converts organs into universal 'O' type. This is huge.
www.popularmechanics.com/science/heal...
Scientists have developed an enzyme that converts organs into universal 'O' type. This is huge.
www.popularmechanics.com/science/heal...
Scientists Changed the Blood Type of a Kidney. That’s Extraordinary.
Transforming organs from any blood type into the universal donor Type O could help patients receive transplants faster.
www.popularmechanics.com
November 5, 2025 at 9:23 AM
Holy wow Batman
When we originally raised funding for Knostic, all the way back in 2023, some investors told us that we were late to market in AI security. Startups raising now hear that they are early to market.
November 4, 2025 at 12:53 PM
When we originally raised funding for Knostic, all the way back in 2023, some investors told us that we were late to market in AI security. Startups raising now hear that they are early to market.
My journey in building rules that actually work for AI coding agents, in five evolutions (with Claude Code and Cursor) 🧵
November 3, 2025 at 9:13 PM
My journey in building rules that actually work for AI coding agents, in five evolutions (with Claude Code and Cursor) 🧵
We've been following an ongoing attack campaign targeting AI coding agents such as Cursor and Windsurf, through extensions in the Open VSX marketplace, specifically disguised as the Solidity extension.
November 3, 2025 at 10:28 AM
We've been following an ongoing attack campaign targeting AI coding agents such as Cursor and Windsurf, through extensions in the Open VSX marketplace, specifically disguised as the Solidity extension.
Yes! We have a video. Chinese president joking about backdoors, when gifting phones to South Korean leader. Sometimes, the jokes write themselves.
via @mylordbebo.bsky.social (can't find it on the profile)
via @mylordbebo.bsky.social (can't find it on the profile)
November 2, 2025 at 8:45 PM
Yes! We have a video. Chinese president joking about backdoors, when gifting phones to South Korean leader. Sometimes, the jokes write themselves.
via @mylordbebo.bsky.social (can't find it on the profile)
via @mylordbebo.bsky.social (can't find it on the profile)
Agents: powered by the future, secured like Windows 95
Two of the most widely adopted agents, Cursor and Windsurf, both ship with Chromium so old it probably still believes in ActiveX 🧵 www.ox.security/blog/94-vuln...
Two of the most widely adopted agents, Cursor and Windsurf, both ship with Chromium so old it probably still believes in ActiveX 🧵 www.ox.security/blog/94-vuln...
Forked and Forgotten: 94 Vulnerabilities in Cursor and Windsurf Put 1.8M Developers at Risk | OX Security Forked and Forgotten: 94 Chromium Flaws Expose 1.8M Devs in Cursor & Windsurf
Outdated Chromium in Cursor & Windsurf exposes 1.8M developers to 94 CVEs—just one has been weaponized in this critical supply chain attack.
www.ox.security
October 29, 2025 at 9:20 AM
Agents: powered by the future, secured like Windows 95
Two of the most widely adopted agents, Cursor and Windsurf, both ship with Chromium so old it probably still believes in ActiveX 🧵 www.ox.security/blog/94-vuln...
Two of the most widely adopted agents, Cursor and Windsurf, both ship with Chromium so old it probably still believes in ActiveX 🧵 www.ox.security/blog/94-vuln...
That’s AI
My kids mutter "Shut up, clanker" whenever they see an AI video. We've got anti-robot slurs now
October 29, 2025 at 7:57 AM
That’s AI
Trail of Bits just demonstrated prompt injection to one-shot RCE in AI coding agents. Another day, another AI coding assistant running untrusted code with system privileges 🧵 blog.trailofbits.com/.../prompt-i...
blog.trailofbits.com
October 27, 2025 at 2:08 PM
Trail of Bits just demonstrated prompt injection to one-shot RCE in AI coding agents. Another day, another AI coding assistant running untrusted code with system privileges 🧵 blog.trailofbits.com/.../prompt-i...
Trail of Bits just demonstrated prompt injection to one-shot RCE in AI coding agents. Another day, another AI coding assistant running untrusted code with system privileges 🧯https://blog.trailofbits.com/.../prompt-injection-to-rce.../
October 27, 2025 at 1:52 PM
Trail of Bits just demonstrated prompt injection to one-shot RCE in AI coding agents. Another day, another AI coding assistant running untrusted code with system privileges 🧯https://blog.trailofbits.com/.../prompt-injection-to-rce.../
Here are YARA rules for GlassWorm (targeting AI coding assistants. Naturally, these are not perfect, but we figured we should share. They get it done.
github.com/knostic/open...
Credit to Koi for initial research.
Happy to discuss further! At Knostic, we defend AI coding agents.
github.com/knostic/open...
Credit to Koi for initial research.
Happy to discuss further! At Knostic, we defend AI coding agents.
open-tools/glassworm_yara at main · knostic/open-tools
A collection of useful standalone tools that solve real problems for developers and security professionals. - knostic/open-tools
github.com
October 26, 2025 at 3:11 PM
Here are YARA rules for GlassWorm (targeting AI coding assistants. Naturally, these are not perfect, but we figured we should share. They get it done.
github.com/knostic/open...
Credit to Koi for initial research.
Happy to discuss further! At Knostic, we defend AI coding agents.
github.com/knostic/open...
Credit to Koi for initial research.
Happy to discuss further! At Knostic, we defend AI coding agents.