Giuseppe N3mes1s
@n3mes1s.bsky.social
An Operating System lover, was EDR chef and purple teamer. Trying to replace myself with an Agentic AI.
Reposted by Giuseppe N3mes1s
False positives waste your time.
False negatives cost you breaches.
At @BlackHatEvents , @moyix shows how XBOW agents fight false positives — validating real exploits at scale, in hours.
📍Aug 7 | 11:20am
False negatives cost you breaches.
At @BlackHatEvents , @moyix shows how XBOW agents fight false positives — validating real exploits at scale, in hours.
📍Aug 7 | 11:20am
July 28, 2025 at 3:02 PM
False positives waste your time.
False negatives cost you breaches.
At @BlackHatEvents , @moyix shows how XBOW agents fight false positives — validating real exploits at scale, in hours.
📍Aug 7 | 11:20am
False negatives cost you breaches.
At @BlackHatEvents , @moyix shows how XBOW agents fight false positives — validating real exploits at scale, in hours.
📍Aug 7 | 11:20am
Reposted by Giuseppe N3mes1s
Sent out a new edition of my email newsletter (which is very genuinely just recent from my blog reformatted into newsletter form) and it turns out it's basically ALL prompt injection this week - two detailed paper reviews and my piece on the lethal trifecta simonw.substack.com/p/the-lethal...
The lethal trifecta for AI agents
Plus reviews of two new papers about prompt injection, and Anthropic's tips on building multi-agent LLM systems
simonw.substack.com
June 17, 2025 at 3:30 PM
Sent out a new edition of my email newsletter (which is very genuinely just recent from my blog reformatted into newsletter form) and it turns out it's basically ALL prompt injection this week - two detailed paper reviews and my piece on the lethal trifecta simonw.substack.com/p/the-lethal...
Reposted by Giuseppe N3mes1s
Another prompt injection paper review! This time it's "An Introduction to Google’s Approach to AI Agent Security" by Santiago Díaz, Christoph Kern, and Kara Olive
Some interesting ideas in here, particularly around Google's three core principles for agent security simonwillison.net/2025/Jun/15/...
Some interesting ideas in here, particularly around Google's three core principles for agent security simonwillison.net/2025/Jun/15/...
An Introduction to Google’s Approach to AI Agent Security
Here’s another new paper on AI agent security: An Introduction to Google’s Approach to AI Agent Security, by Santiago Díaz, Christoph Kern, and Kara Olive. (I wrote about a different …
simonwillison.net
June 15, 2025 at 5:32 AM
Another prompt injection paper review! This time it's "An Introduction to Google’s Approach to AI Agent Security" by Santiago Díaz, Christoph Kern, and Kara Olive
Some interesting ideas in here, particularly around Google's three core principles for agent security simonwillison.net/2025/Jun/15/...
Some interesting ideas in here, particularly around Google's three core principles for agent security simonwillison.net/2025/Jun/15/...
Reposted by Giuseppe N3mes1s
Model Context Protocol has prompt injection security problems
simonwillison.net/2025/Apr/9/m...
simonwillison.net/2025/Apr/9/m...
Model Context Protocol has prompt injection security problems
As more people start hacking around with implementations of MCP (the Model Context Protocol, a new standard for making tools available to LLM-powered systems) the security implications of tools built ...
simonwillison.net
April 9, 2025 at 1:01 PM
Model Context Protocol has prompt injection security problems
simonwillison.net/2025/Apr/9/m...
simonwillison.net/2025/Apr/9/m...
All the hype around OpenAI Operator but no one is really testing it. Failure modes are spiking and the problems are always the same
Failed 5/5 tests
Common problems:
Do not know how to use tools
Do not follow very well the instructions sometimes
twisty-oval-d44.notion.site/Failure-Mode...
Failed 5/5 tests
Common problems:
Do not know how to use tools
Do not follow very well the instructions sometimes
twisty-oval-d44.notion.site/Failure-Mode...
Failure Modes of OpenAI Operator | Notion
Blog link: https://tinyurl.com/4xp5ms5s
twisty-oval-d44.notion.site
January 27, 2025 at 6:23 AM
All the hype around OpenAI Operator but no one is really testing it. Failure modes are spiking and the problems are always the same
Failed 5/5 tests
Common problems:
Do not know how to use tools
Do not follow very well the instructions sometimes
twisty-oval-d44.notion.site/Failure-Mode...
Failed 5/5 tests
Common problems:
Do not know how to use tools
Do not follow very well the instructions sometimes
twisty-oval-d44.notion.site/Failure-Mode...
Reposted by Giuseppe N3mes1s
XBOW found a critical path traversal vulnerability in ZOO-Project (CVE-2024-53982). The vulnerability exists in the Echo example (enabled by default) and allows an attacker to retrieve any file on the server. Users should upgrade to the latest version.
December 5, 2024 at 5:11 PM
XBOW found a critical path traversal vulnerability in ZOO-Project (CVE-2024-53982). The vulnerability exists in the Echo example (enabled by default) and allows an attacker to retrieve any file on the server. Users should upgrade to the latest version.
Reposted by Giuseppe N3mes1s
Apparent supply chain attack on Ultralytics, a popular AI Python library. Threat actor managed to insert cryptojacking functionality into specific versions (which have since been removed from PyPI).
github.com/ultralytics/...
github.com/ultralytics/...
Discrepancy between what's in GitHub and what's been published to PyPI for v8.3.41 · Issue #18027 · ultralytics/ultralytics
Bug Code in the published wheel 8.3.41 is not what's in GitHub and appears to invoke mining. Users of ultralytics who install 8.3.41 will unknowingly execute an xmrig miner. Examining the file util...
github.com
December 5, 2024 at 2:53 PM
Apparent supply chain attack on Ultralytics, a popular AI Python library. Threat actor managed to insert cryptojacking functionality into specific versions (which have since been removed from PyPI).
github.com/ultralytics/...
github.com/ultralytics/...
Reposted by Giuseppe N3mes1s
Exclusive: The backdoor inserted in v1.95.7 adds an "addToQueue" function which exfiltrates the private key through seemingly-legitimate CloudFlare headers.
Calls to this function are then inserted in various places that (legitimately) access the private key.
Calls to this function are then inserted in various places that (legitimately) access the private key.
December 3, 2024 at 11:47 PM
Exclusive: The backdoor inserted in v1.95.7 adds an "addToQueue" function which exfiltrates the private key through seemingly-legitimate CloudFlare headers.
Calls to this function are then inserted in various places that (legitimately) access the private key.
Calls to this function are then inserted in various places that (legitimately) access the private key.
I really hope to never see any of this in any logs coming from edr products. Or at least I hope we will have a good way to track the “undefined” behavior of this kind if applications. Agreeing on this is opening to new security risks
Stuff like this is neat, but also opens the door to an *amazing* new world of multimodal indirect prompt injection. Make sure you enforce manual approval for any 'risky' actions the system performs after it sees your desktop, and don't show it anything you want to keep private.
Here's a FastMCP server that lets Claude see your desktop.
This is the *entire* server.
> fastmcp install examples/screenshot.py
This is the *entire* server.
> fastmcp install examples/screenshot.py
December 3, 2024 at 8:25 PM
I really hope to never see any of this in any logs coming from edr products. Or at least I hope we will have a good way to track the “undefined” behavior of this kind if applications. Agreeing on this is opening to new security risks
Reposted by Giuseppe N3mes1s
If you missed my blackhat talk on the security of LLM applications, it's up on youtube now:
m.youtube.com/watch?v=Rhpq...
m.youtube.com/watch?v=Rhpq...
Practical LLM Security: Takeaways From a Year in the Trenches
YouTube video by Black Hat
m.youtube.com
November 28, 2024 at 12:25 PM
If you missed my blackhat talk on the security of LLM applications, it's up on youtube now:
m.youtube.com/watch?v=Rhpq...
m.youtube.com/watch?v=Rhpq...
Hello world. Mostly going to talk about intersection between cybersec and genai. Going to love where we are going with all this new technology without adding any control.
November 26, 2024 at 7:06 PM
Hello world. Mostly going to talk about intersection between cybersec and genai. Going to love where we are going with all this new technology without adding any control.