Gadi Evron
@gadievron.bsky.social
CEO & Co-Founder at Knostic, CISO-in-Residence for AI at Cloud Security Alliance. Former Founder @Cymmetria (acquired). Host at Prompt||GTFO. Threat hunter, scifi geek, dance teacher. Opinions my own.
We've been following an ongoing attack campaign targeting AI coding agents such as Cursor and Windsurf, through extensions in the Open VSX marketplace, specifically disguised as the Solidity extension.
November 3, 2025 at 10:28 AM
We've been following an ongoing attack campaign targeting AI coding agents such as Cursor and Windsurf, through extensions in the Open VSX marketplace, specifically disguised as the Solidity extension.
Yes! We have a video. Chinese president joking about backdoors, when gifting phones to South Korean leader. Sometimes, the jokes write themselves.
via @mylordbebo.bsky.social (can't find it on the profile)
via @mylordbebo.bsky.social (can't find it on the profile)
November 2, 2025 at 8:45 PM
Yes! We have a video. Chinese president joking about backdoors, when gifting phones to South Korean leader. Sometimes, the jokes write themselves.
via @mylordbebo.bsky.social (can't find it on the profile)
via @mylordbebo.bsky.social (can't find it on the profile)
Circa 2015. Thank you for Participating in security. Still true.
October 20, 2025 at 6:03 PM
Circa 2015. Thank you for Participating in security. Still true.
Developers targeted again — this time the malware spreads itself. See how we catch.
Knostic catches the GlassWorm VS Code malware the instant it lands. In the video below, see how Knostic detects a malicious VS Code extension, in this case GlassWorm, the moment it’s installed.
Knostic catches the GlassWorm VS Code malware the instant it lands. In the video below, see how Knostic detects a malicious VS Code extension, in this case GlassWorm, the moment it’s installed.
October 19, 2025 at 4:26 PM
Developers targeted again — this time the malware spreads itself. See how we catch.
Knostic catches the GlassWorm VS Code malware the instant it lands. In the video below, see how Knostic detects a malicious VS Code extension, in this case GlassWorm, the moment it’s installed.
Knostic catches the GlassWorm VS Code malware the instant it lands. In the video below, see how Knostic detects a malicious VS Code extension, in this case GlassWorm, the moment it’s installed.
Vibe coding be like
October 15, 2025 at 8:18 PM
Vibe coding be like
ROFLOL. This cracked me up.
Via Ashutosh Shrivastava (@ai_for_success) on the other net.
Via Ashutosh Shrivastava (@ai_for_success) on the other net.
October 12, 2025 at 10:06 AM
ROFLOL. This cracked me up.
Via Ashutosh Shrivastava (@ai_for_success) on the other net.
Via Ashutosh Shrivastava (@ai_for_success) on the other net.
Truth, captured in a tweet three years ago.
October 11, 2025 at 11:43 AM
Truth, captured in a tweet three years ago.
Six months ago I lived outside, competing for food with my 6 brothers.
Today, I have a personal TLC & Patting team, 2 passive incomes, and a personal chef.
Pics: Private driver taking me to the beach.
Follow me on insta (thebestestshadow) for more financial advice.
Today, I have a personal TLC & Patting team, 2 passive incomes, and a personal chef.
Pics: Private driver taking me to the beach.
Follow me on insta (thebestestshadow) for more financial advice.
October 10, 2025 at 4:37 PM
Six months ago I lived outside, competing for food with my 6 brothers.
Today, I have a personal TLC & Patting team, 2 passive incomes, and a personal chef.
Pics: Private driver taking me to the beach.
Follow me on insta (thebestestshadow) for more financial advice.
Today, I have a personal TLC & Patting team, 2 passive incomes, and a personal chef.
Pics: Private driver taking me to the beach.
Follow me on insta (thebestestshadow) for more financial advice.
Knostic won again, following BlackHat and RSAC, we are a SINET16 Innovator!
SINET isn't just an award. It is the practitioner's stamp of approval.
From Shadow AI and oversharing to governance and defending your AI coding assistants, send me a note and let's talk!
SINET isn't just an award. It is the practitioner's stamp of approval.
From Shadow AI and oversharing to governance and defending your AI coding assistants, send me a note and let's talk!
October 9, 2025 at 12:52 PM
Knostic won again, following BlackHat and RSAC, we are a SINET16 Innovator!
SINET isn't just an award. It is the practitioner's stamp of approval.
From Shadow AI and oversharing to governance and defending your AI coding assistants, send me a note and let's talk!
SINET isn't just an award. It is the practitioner's stamp of approval.
From Shadow AI and oversharing to governance and defending your AI coding assistants, send me a note and let's talk!
This wins the internet today.
Via @forgebitz on Twitter
Via @forgebitz on Twitter
October 6, 2025 at 7:39 AM
This wins the internet today.
Via @forgebitz on Twitter
Via @forgebitz on Twitter
Shadow is almost 8 months old 😍 First time at the beach!
September 26, 2025 at 9:10 AM
Shadow is almost 8 months old 😍 First time at the beach!
“Can you all please turn off your WiFi? We’re working on a trust system here.” - I ‘member.
Via @nearcyan.bsky.social on the other net, through Jake Steinerman
Via @nearcyan.bsky.social on the other net, through Jake Steinerman
September 22, 2025 at 11:38 AM
“Can you all please turn off your WiFi? We’re working on a trust system here.” - I ‘member.
Via @nearcyan.bsky.social on the other net, through Jake Steinerman
Via @nearcyan.bsky.social on the other net, through Jake Steinerman
4chan is reserving flights from India to prevent H1B visa holders to get back to the U.S., following the tech industry’s instructions to employee visa holders to return to the U.S. immediately. The Internet shall remain the Internet, and Denial of Service attacks don’t have to be packet-based, and
🧵
🧵
September 21, 2025 at 11:54 AM
4chan is reserving flights from India to prevent H1B visa holders to get back to the U.S., following the tech industry’s instructions to employee visa holders to return to the U.S. immediately. The Internet shall remain the Internet, and Denial of Service attacks don’t have to be packet-based, and
🧵
🧵
September 19, 2025 at 3:01 PM
This is absolutely brilliant! AI + theology + math in a great narrative. Wow. Screenshot for a taste, via Kevin Weil.
www.astralcodexten.com/p/what-is-ma...
www.astralcodexten.com/p/what-is-ma...
September 18, 2025 at 6:26 PM
This is absolutely brilliant! AI + theology + math in a great narrative. Wow. Screenshot for a taste, via Kevin Weil.
www.astralcodexten.com/p/what-is-ma...
www.astralcodexten.com/p/what-is-ma...
I am convinced. In the future, “Programming for Developers” will be mainstream training.
It’s just like today devs don’t necessarily know asm if they code C, or JavaScript if we develop in node. They may learn Python, developing in English.
But, this did make me chuckle.
It’s just like today devs don’t necessarily know asm if they code C, or JavaScript if we develop in node. They may learn Python, developing in English.
But, this did make me chuckle.
September 15, 2025 at 2:34 PM
I am convinced. In the future, “Programming for Developers” will be mainstream training.
It’s just like today devs don’t necessarily know asm if they code C, or JavaScript if we develop in node. They may learn Python, developing in English.
But, this did make me chuckle.
It’s just like today devs don’t necessarily know asm if they code C, or JavaScript if we develop in node. They may learn Python, developing in English.
But, this did make me chuckle.
My new robot cleaner identifies my bedroom’s closet as an extra unknown room. I’m getting Narnia vibes here.
What are you hiding, “Room 7”?
What are you hiding, “Room 7”?
September 13, 2025 at 3:21 PM
My new robot cleaner identifies my bedroom’s closet as an extra unknown room. I’m getting Narnia vibes here.
What are you hiding, “Room 7”?
What are you hiding, “Room 7”?
I wonder if this is about AI, or the market downturn? I’m trying to not do too much analysis on my own yet. Any thoughts out there?
September 11, 2025 at 9:33 AM
I wonder if this is about AI, or the market downturn? I’m trying to not do too much analysis on my own yet. Any thoughts out there?
Largest supply chain attack in history… backdooring endless packages… 2.6 billion downloads a week…. And you make 20 bucks in stolen bitcoin.
I nominate you, North Korea (wild unsubstantiated guess), to the Awards.
I nominate you, North Korea (wild unsubstantiated guess), to the Awards.
September 9, 2025 at 6:05 AM
Largest supply chain attack in history… backdooring endless packages… 2.6 billion downloads a week…. And you make 20 bucks in stolen bitcoin.
I nominate you, North Korea (wild unsubstantiated guess), to the Awards.
I nominate you, North Korea (wild unsubstantiated guess), to the Awards.
If I wrote a comedy about internet privacy, this would be it.
Credit: Eyal Sela
Credit: Eyal Sela
September 4, 2025 at 1:26 PM
If I wrote a comedy about internet privacy, this would be it.
Credit: Eyal Sela
Credit: Eyal Sela
OpenAI's agent mode is impressive, but on security? It's writing checks it can't quite deliver. This is my tale of woes.. err.. two-day obsession streak, where I wandered into three security issues only for them to disappear from under me.
🧵
🧵
September 3, 2025 at 9:07 AM
OpenAI's agent mode is impressive, but on security? It's writing checks it can't quite deliver. This is my tale of woes.. err.. two-day obsession streak, where I wandered into three security issues only for them to disappear from under me.
🧵
🧵
Ethan Mollick wrote a great post on energy use and AI. It’s a nothing burger argument from people citing out of date information, and then out of context as well.
Read his blog, follow him, and say thank you.
Post:
malwr-analysis.com/2025/08/24/p...
Read his blog, follow him, and say thank you.
Post:
malwr-analysis.com/2025/08/24/p...
September 3, 2025 at 5:19 AM
Ethan Mollick wrote a great post on energy use and AI. It’s a nothing burger argument from people citing out of date information, and then out of context as well.
Read his blog, follow him, and say thank you.
Post:
malwr-analysis.com/2025/08/24/p...
Read his blog, follow him, and say thank you.
Post:
malwr-analysis.com/2025/08/24/p...
The hype is wrong.
The acceleration is real.
This is just the beginning.
And not taking away from the accomplishment, one day the overhyped headline about AI creating new math, will be true.
Original tweet:
x.com/sebastienbub...
The acceleration is real.
This is just the beginning.
And not taking away from the accomplishment, one day the overhyped headline about AI creating new math, will be true.
Original tweet:
x.com/sebastienbub...
August 24, 2025 at 11:42 PM
The hype is wrong.
The acceleration is real.
This is just the beginning.
And not taking away from the accomplishment, one day the overhyped headline about AI creating new math, will be true.
Original tweet:
x.com/sebastienbub...
The acceleration is real.
This is just the beginning.
And not taking away from the accomplishment, one day the overhyped headline about AI creating new math, will be true.
Original tweet:
x.com/sebastienbub...