Olivia
Online
teflon
@0xTeflon
CEO of Charlie Defense -
Bugcrowd/Hackerone - teflon
Virginia, USA
Joined November 2024
167 Following
860 Followers
115 Posts
@BadAt_Computers Sorry for your loss brother. My grandpa was a navy vet too. May your granddad RIP
Thank you Anthropic for reminding me that cancelling my sub earlier this month was the right decision
This is required reading today.
@caseyjohnellis didn't even write this today about MSRC - but it nails it.
Full disclosure IS the agreed upon path forward to keep a vendor in check who stonewalls, threatens, or otherwise is shit to work with for security researchers.
@usetraceix Jesus i cant believe this. Its nonstop with hosted programs too. Its slown down triage for valid bugs by months
Introducing Claude Opus 4.7, our most capable Opus model yet.
It handles long-running tasks with more rigor, follows instructions more precisely, and verifies its own outputs before reporting back.
You can hand off your hardest work with less supervision.
My final thoughts on Opus 4.6: why this model is so good, why I underestimated it, and why I'm so obsessed about Mythos.
When I first tested GPT 5.4 vs Opus 4.6 - both launched at roughly the same time - I was initially convinced that GPT 5.4 was vastly superior, because it did better on my logical tests. That's still true: given the same prompt, by default, GPT will be more competent, careful, and produce a more reliable output, while Opus will give you a half-assed, buggy solution, and call it a day.
Now, here's what I failed to realize: Opus bad outputs are not because it is dumb. They're because it is a lazy cheater. And you can tell because, if you just go ahead and tell it:
"you did X in a lazy way, do it in the right way now"
And if you show that this is serious, it will proceed to do a flawless job. That doesn't happen with dumber models. And, the more I work with Opus, the more I realize that, if you just keep pushing it, its intelligence ceiling is much, much higher than it seems. It IS there, you just need to be patient and push it. GPT, on the other hands, when it fails, it already did its best, so, pushing it further will give you no added results.
That is also one of the reasons that benchmarks lie. When Claude and GPT score the same in a given benchmark, it is likely that Claude is actually smarter, because it puts less effort. Now, consider that for a moment, and remember that Mythos is outperforming GPT 5.4 *Pro* on benchmarks. How insane that is?
Remember that Sonnet 3.5 lagged behind on benchmarks, yet everyone knew that it was superior to 4o. I think it is this effect at play: for whatever reason, Claude-series model "try less hard" on the first shot.
Because of that, even if Spud gets close to Mythos on benchmarks (which I predict will be the case), I suppose Mythos will still be superior. This also leads me to wonder if perhaps Anthropic actually has a real lead over OpenAI, that will only get larger? I could totally see a timeline where Anthropic's models become so good that OpenAI simply fails to catch up as the recursive improvement unfolds?
Just my silly thoughts though, what do I know
As always I could be wrong, and I hope I am!!
Holy shit
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.
The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise.
This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.
Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
@oegerikus @Xbow Cool post i watched the video and this exactly the type of work i do with AI as a bug hunter
@rez0__ Yeah its crazy claude found me 3 rces in the last 4 days
Been working on a new tool for bug bounty hunters and will be looking for some testers in the near future, message me if you are interested!
https://t.co/OTxHmChdGA
@S1renHead_ Yes its definitely new changes bc we've never had the issue until today when his messages started being flagged as potential spam
@thedawgyg curious, what LLM model do you use? I've been experimenting with opus 4.6 for 0day hunting in chrome libraries with AFL today and have had some luck, one high i validated and will submit soon
@vitobotta @IamKyros69 Curious whats wrong with ur extension? It works for me for the most part wxcept when creation new passwords in fields instead of copying them manually
@thedawgyg I also have some contacts. Shoot me a DM :)
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.4M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87M followers
Taylor Swift
@taylorswift13
80.9M followers
Lady Gaga
@ladygaga
72.4M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
68.9M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.5M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.1M followers