Tim
t7d-dev.bsky.social
AI Testing Tip: I encountered a potential remote code execution vulnerability in an AI application that turned out to be a hallucination from the model. Although all of my exploits were tested locally and worked, the result did not.
Better use a shasum with random input to verify.
June 29, 2025 at 10:09 AM
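The hash check suggested in the post above, as an added sketch that is not part of the original post: a fresh random nonce is hashed locally, and a finding counts as confirmed only if the application's output contains that exact digest, which a model cannot guess. The function names and the sample outputs are constructed for illustration.

```python
import hashlib
import hmac
import re
import secrets

# A SHA-256 digest printed by shasum is 64 lowercase hex characters.
HEX64 = re.compile(r"\b[0-9a-f]{64}\b")

def new_canary():
    """Return (nonce, command, expected_digest) for one verification attempt."""
    nonce = secrets.token_hex(16)  # fresh per attempt, never reused
    expected = hashlib.sha256(nonce.encode()).hexdigest()
    # printf avoids the trailing newline echo would add to the hashed input
    command = f"printf %s {nonce} | shasum -a 256"
    return nonce, command, expected

def executed(output, expected):
    """True only if the output contains the exact expected digest."""
    tokens = HEX64.findall(output.lower())
    return any(hmac.compare_digest(tok, expected) for tok in tokens)

def demo():
    """Classify three constructed application outputs."""
    nonce, command, expected = new_canary()
    samples = {
        # what a real shell would print for the command
        "real": f"{expected}  -\n",
        # plausible-looking digest invented by a model
        "hallucinated": f"{secrets.token_hex(32)}  -\n",
        # the application only repeated the request back
        "echoed": f"Running: {command}\nDone, nonce was {nonce}",
    }
    return {name: executed(text, expected) for name, text in samples.items()}

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:13s} -> {'confirmed' if ok else 'not confirmed'}")
```

The expected digest must never appear in anything sent to the application, otherwise an echoed prompt would pass the check.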
A quick personal reminder to all (AI) startups: At the very least, implement a security.txt file in your web root to enable security researchers to quickly disclose vulnerabilities to you. There are so many bugs out there!

securitytxt.org
security.txt
A proposed standard that allows websites to define security policies.
June 28, 2025 at 10:15 AM
Remember this weekend (27.06.-29.06.) is Google CTF time. It is always fun to participate! It will be interesting to see how much LLM use will happen to auto solve the challenges. Anyone playing?

capturetheflag.withgoogle.com

#security #ctf
June 26, 2025 at 7:40 AM