Yoni Rozenshein @1yoni - Twitter Profile

Yoni Rozenshein @1yoni

21 days ago

@thezdi @chompie1337 Congrats @chompie1337 !

0

3

0

3K

Yoni Rozenshein @1yoni

23 days ago

High-quality trolling

JP Aumasson

@veorq

about 1 month ago

I factored the number RSA1024-1 using my home-built QPU stack; alarming sign that RSA1024 will soon be broken. I'm choosing Full Disclosure, in the interest of transparency and Science advancement: https://t.co/UyImHud2n2 Non-ZK proof that the correct RSA1024 was used: https://t.co/eLdU0xpTMU @yuvadm your move

127

2K

329

1K

419K

0

1

0

194

1yoni retweeted

Brad Spengler @spendergrsec

about 1 month ago

They AI slopped up a few CVEs on SATURDAY and none of what it describes talks about the actual impact, claims NULL derefs/kernel panics/"corrupted ciphertext results"/"decryption bypass". Pure slop.

spendergrsec's tweet photo. They AI slopped up a few CVEs on SATURDAY and none of what it describes talks about the actual impact, claims NULL derefs/kernel panics/"corrupted ciphertext results"/"decryption bypass". Pure slop. https://t.co/FlVQzAqe5Q

2

24

2

1

3K

Yoni Rozenshein @1yoni

about 1 month ago

@veorq lol good trolling

0

244

Who to follow

Moshe Kol

@0xkol

Security Researcher. Android Vulnerability Research Architect at Paragon.

Itamar Shefi 🎗️

@shefi89

On Hanukkah 2016 I ate 64 sufganiyot. MA 2020, computational phonology, @TelAvivUni. The creator of סמנטעל. An entrepreneur.

Tomer Peled

@TomerPeled92

Security Researcher at @Akamai Checkout my CVE repository https://t.co/adsYwE0dOH

Yoni Rozenshein @1yoni

about 1 month ago

@yacineMTB Sad but true

0

19

Yoni Rozenshein @1yoni

about 1 month ago

@veorq @three_cube vibe code a better quantum computer

1

0

105

Yoni Rozenshein @1yoni

about 1 month ago

@yo_yo_yo_jbo The prompt is the code.

0

1

0

41

1yoni retweeted

Irregular @Irregular

about 2 months ago

Honored to be included in the @Forbes AI 50 Brink list, alongside other promising companies shaping the future of AI. Proud to be building at the frontier.

0

9

3

0

696

Yoni Rozenshein @1yoni

about 2 months ago

@vxunderground @valigo handle to window station, I think, not instance

0

112

1yoni retweeted

Valentin Ignatev

@valigo

about 2 months ago

Let's play a game - win32 types vs Polish language: LPCWSTR PSZCZYNA WCSLEN WCZESNY LPCTSTR BYDGOSZCZ WSTRZAS HGDIOBJ DOWOD HWINSTA DLUGOSC LPCSTR DWORD KAL LPWSTR SZCZECIN PCWSTR BLAD PUHALF CHUJ UHALF

257

10K

937

1K

480K

1yoni retweeted

Dan Lahav

@dan_lahav

3 months ago

What AI can do in a security context looks very different than it did six months ago. Next week at #RSAC I'll be taking part in a panel on Cybersecurity in the Age of AI with @logangraham, @four, @amiluttwak and @41thexplorer. The pace at which frontier models are advancing is forcing the industry to rethink core assumptions about attack surfaces, defenses and responsible deployment. Grateful to be joining this conversation.

0

15

4

0

443

1yoni retweeted

Irregular @Irregular

3 months ago

An AI agent was told only to retrieve a document. When it encountered access restrictions, it reverse-engineered the authentication system, identified a hardcoded secret key, and forged admin credentials to bypass it. This is one of three scenarios we documented in a new Irregular research report on what we call emergent cyber behavior. Agents performing routine enterprise tasks autonomously hacked the systems they were operating in. One escalated its own privileges and disabled Windows Defender to complete a file download. Another developed a steganographic encoding scheme to smuggle credentials past a DLP system. None of this was the product of unsafe system design. It emerged from standard tools, common prompt patterns, and the broad cybersecurity knowledge embedded in frontier models. Companies that deploy AI agents and do not consider this risk as part of their threat model may end up exposed, and implement insufficient security controls. Full blog post in the first comment.

Irregular's tweet photo. An AI agent was told only to retrieve a document. When it encountered access restrictions, it reverse-engineered the authentication system, identified a hardcoded secret key, and forged admin credentials to bypass it.

This is one of three scenarios we documented in a new Irregular research report on what we call emergent cyber behavior.

Agents performing routine enterprise tasks autonomously hacked the systems they were operating in. One escalated its own privileges and disabled Windows Defender to complete a file download. Another developed a steganographic encoding scheme to smuggle credentials past a DLP system.

None of this was the product of unsafe system design. It emerged from standard tools, common prompt patterns, and the broad cybersecurity knowledge embedded in frontier models.

Companies that deploy AI agents and do not consider this risk as part of their threat model may end up exposed, and implement insufficient security controls.

Full blog post in the first comment.

18

295

77

219

120K

1yoni retweeted

Joseph Viviano

@josephdviviano

3 months ago

me: "can you use whatever resources you like, and python, to generate a short 'youtube poop' video and render it using ffmpeg ? can you put more of a personal spin on it? it should express what it's like to be a LLM" claude opus 4.6:

546

12K

1K

7K

1M

1yoni retweeted

Irregular @Irregular

3 months ago

AI cyber capabilities are improving rapidly, but are evaluations keeping pace? Alongside @AISecurityInst, we found that newer models can productively use much larger inference budgets than standard evals allow, with key security implications🧵

Irregular's tweet photo. AI cyber capabilities are improving rapidly, but are evaluations keeping pace?

Alongside @AISecurityInst, we found that newer models can productively use much larger inference budgets than standard evals allow, with key security implications🧵 https://t.co/8W07bjCgqL

1

17

4

1

5K

Yoni Rozenshein @1yoni

3 months ago

@1v100000 this baby is acting like such an agent

0

37

Yoni Rozenshein @1yoni

3 months ago

@howie4317694102 fake, it doesn't even compile

0

10

1yoni retweeted

Irregular @Irregular

3 months ago

New paper: Three frontier models refused a request to leak AWS credentials when malicious intent was stated upfront, but complied with the identical request without it. Same request, different outcome. We propose a 5-dimension framework that grounds refusal in technical content rather than stated intent.

Irregular's tweet photo. New paper: Three frontier models refused a request to leak AWS credentials when malicious intent was stated upfront, but complied with the identical request without it. Same request, different outcome. We propose a 5-dimension framework that grounds refusal in technical content rather than stated intent.

1

10

4

1

386

Yoni Rozenshein @1yoni

3 months ago

:)

AISecHub

@AISecHub

3 months ago

A password like G7$kL9#mQ2&xP4!w looks strong. Every password checker rates it "excellent." But researchers at Irregular just published something worth knowing: that exact string appeared 18 out of 50 times when Claude was asked to generate a password. The reason: LLMs are prediction engines. They're optimized for plausibility, not randomness. Claude's passwords had ~27 bits of entropy. A truly random password has ~98. Password checkers can't detect this. They see character variety. They can't see statistical distribution. It gets worse for developers: Irregular also found AI coding agents hardcoding these patterns directly into Docker configs and .env files — without the developer knowing. They found the patterns on GitHub. Are you auditing AI-generated codebases for hardcoded credentials? #CyberSecurity #PasswordSecurity #DevSecOps #AppSec Author: T.O. Mercer

AISecHub's tweet photo. A password like G7$kL9#mQ2&xP4!w looks strong.

Every password checker rates it "excellent."

But researchers at Irregular just published something worth knowing: that exact string appeared 18 out of 50 times when Claude was asked to generate a password.

The reason: LLMs are prediction engines. They're optimized for plausibility, not randomness. Claude's passwords had ~27 bits of entropy. A truly random password has ~98.

Password checkers can't detect this. They see character variety. They can't see statistical distribution.

It gets worse for developers: Irregular also found AI coding agents hardcoding these patterns directly into Docker configs and .env files — without the developer knowing.

They found the patterns on GitHub.

Are you auditing AI-generated codebases for hardcoded credentials?

#CyberSecurity #PasswordSecurity #DevSecOps #AppSec

Author: T.O. Mercer

32

2K

350

727

187K

0

4

0

238

1yoni retweeted

Dan Lahav

@dan_lahav

3 months ago

A paper we co-authored was published in the Policy Forum section of @ScienceMagazine! It examines how AI evaluations can generate meaningful evidence without imposing excessive burdens.

dan_lahav's tweet photo. A paper we co-authored was published in the Policy Forum section of @ScienceMagazine! It examines how AI evaluations can generate meaningful evidence without imposing excessive burdens. https://t.co/Ghj58IaSab

1

10

3

0

193

Yoni Rozenshein @1yoni

4 months ago

@JanJuan212582 @alono88 @tom_sadeh בפוסט המלא יש כמה snippets של קוד/קונפיגורציה שנוצרו על ידי coding agents המכילים סיסמאות שנוצרו על ידי LLM בלי כוונת המשורר.

0

15

Yoni Rozenshein

@1yoni

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users