Cloud Security Podcast by Google
#CloudSecPodcast #GoogleCloud #CloudSecurity
Website: https://t.co/eWefddV2UT
Google Podcasts: https://t.co/U9MWaHvnSG
Apple Podcasts / iTunes: https://t.co/yretbrSwrL
Spotify: https://t.co/o16zoGg9fC
Twitter: https://t.co/oXeYmvmh4Y
It still feels entirely like a dream, but I am incredibly proud to announce that I have joined the @Google Offensive Security, Red Team for @Mandiant 🚀
I can't wait to learn from the best in the business!!
Time to get to work!! 💻🎯
#google #redteam #newjob
Nice catch! Seriously awesome research and post. If you’re wondering what security research and VRP looks like in the future, this is it. Use the tools to get comprehensive, not just novel.
Career update: I’ve joined @OpenAI to lead Cyber as Head of Product for Cyber, where I’ll be leading OpenAI’s efforts to bring frontier AI capabilities to cyber defenders and help make software safer and more resilient by design. I’ll be teaming up with @clintgibler, an expert engineering and security research leader, who is announcing he is joining today as well.
What is now possible with frontier AI models represents a genuine step change for defenders. I’m particularly excited about the potential to improve how we:
• Analyze code and discover vulnerabilities. Models can reason across large and unfamiliar codebases, identify subtle weaknesses, focus attention on realistic attack paths, and help teams move faster from discovery to validated remediation.
• Investigate incidents and determine root causes. Security teams spend enormous time connecting fragmented signals across code, infrastructure, identities, endpoints, and applications. AI can help bring those events together, form and test hypotheses, and surface root causes faster.
• Orchestrate security work. The opportunity is not only to generate recommendations, but to help defenders safely execute work: validating findings, testing patches, improving detections, gathering evidence, and coordinating remediation.
• Make enterprise AI agents safe and controllable. As agents take on more meaningful work inside organizations, they need secure harnesses: scoped access, isolation, monitoring, verification, auditability, and clear human control. Security must be built into how agents operate from the beginning.
Our work at OpenAI starts from a simple but ambitious premise: the next generation of cyber defense should be integrated into how software is built, not only finding and patching vulnerabilities, but making systems resilient from the start.
With current model capabilities such as GPT-5.5-Cyber, alongside Codex as an agentic harness, we can give defenders more powerful tools while pairing those capabilities with appropriate verification, safeguards, accountability, and control.
Just as importantly, we need to distribute these defensive advantages broadly. Powerful security capabilities should not be limited to the largest organizations with the biggest teams. They should help developers, security practitioners, public institutions, and businesses of every size build and operate more secure systems.
And no single company can accomplish this alone. Security has always been a community effort. I’m looking forward to working closely with leaders and innovators across the cybersecurity ecosystem: vendors, researchers, practitioners, governments, and technology partners. AI will create new security challenges, but it also gives us a remarkable opportunity to strengthen the defensive ecosystem.
I’m grateful to the OpenAI team for the opportunity and excited to get started on a mission that matters deeply to me.
Career update: I’ve joined @OpenAI to lead Cyber with @michaelaiello.
Why I joined, and what we’ll be building:
It’s clear that AI is fundamentally changing how software is being written and secured.
Coding agents are writing the majority of code for many developers, software is getting shipped more quickly, and vulnerabilities that were latent for 20 years are being discovered at a rapid pace. The time to bug discovery, and exploitation once discovered, are trending down (H/T @EppSecurity and @gadievron).
I believe we have an unparalleled opportunity to fundamentally 𝘪𝘮𝘱𝘳𝘰𝘷𝘦 cybersecurity in ways that were previously impossible. (H/T @bubblewire’s BSidesSF keynote on reasons for optimism)
Over 6 years at @Semgrep, I had the privilege of working with an amazing team building what has become the most popular open source security code scanning tool in the world, that many companies have built their application security program around.
Now, at @OpenAI, I’m thrilled to be a part of a company helping shape how software is written, and how security work gets done. It is a massive opportunity, and responsibility, and I don’t take that lightly.
Here are my current thoughts about where things are headed:
𝐑𝐞𝐬𝐢𝐥𝐢𝐞𝐧𝐭 𝐛𝐲 𝐝𝐞𝐬𝐢𝐠𝐧. Defenders are not going to win playing bug whack-a-mole. We need to systematically eliminate classes of vulnerabilities, via generating secure code and streamlining the detect → validate → fix process.
𝐀𝐮𝐠𝐦𝐞𝐧𝐭 𝐚𝐧𝐝 𝐞𝐦𝐩𝐨𝐰𝐞𝐫 𝐩𝐞𝐨𝐩𝐥𝐞. We should build models and tools that give defenders “superpowers,” enabling them to be more ambitious in the scope they tackle, shift from being reactive to proactive, and allow them to automate the drudgery so they can focus on the highest leverage work.
𝐒𝐞𝐜𝐮𝐫𝐞 𝐭𝐡𝐞 𝐜𝐨𝐦𝐦𝐨𝐧𝐬. The world runs on open source software. OpenAI has already spent $Ms finding and patching vulnerabilities in the most popular and widely run software, including browsers, operating systems, and core libraries. More on this soon. We’re also working on helping secure critical infrastructure.
𝐂𝐨𝐦𝐦𝐮𝐧𝐢𝐭𝐲 𝐚𝐧𝐝 𝐩𝐚𝐫𝐭𝐧𝐞𝐫𝐬. Securing the world is a community effort. I’m looking forward to partnering with cybersecurity vendors, researchers, practitioners, governments, and more to do together what we can’t do alone.
𝐓𝐢𝐦𝐞 𝐭𝐨 𝐛𝐮𝐢𝐥𝐝. Tactically, here are some domains I’m excited about:
- Finding, validating, and reliably patching software vulnerabilities at scale.
- Eliminating classes of vulnerabilities and making software resilient by design.
- Giving broad access to the best cyber models to empower defenders, not just to a select few.
- Creating and sharing Skills and playbooks that help in many security domains.
- Building platforms that enable defenders to easily orchestrate security work.
- Making enterprise agents safe and reliable.
Time to build 😎
—
What would help you most? What should we build?
Let me know.
@DennisF @dinodaizovi @anton_chuvakin @Adyen DINO
/ˈdaɪ.nəʊ/ verb
To bring in the serious security adult in the room. Usually used when a company has stopped pretending security is a slide in a board deck and has asked someone terrifyingly competent to sort the whole thing out properly.
“Did you DINO it before launch?”
I don’t see minute-by-minute updates happening either, and my recent vuln disclosures show that firmware vendors are still living in a parallel reality.
I think we need to rethink the whole concept of software. If vulnerabilities are discovered automatically, software should evolve continuously, kind of self-healing. Machines should deal with machines.
If models are just going to get better, even than Mythos, the time for those models to turn a patched vulnerability into an exploit will keep shrinking from hours to minutes.
I have a hard time imagining the entire world continuously deploying updates in minutes every time that an update for any software they use is released without other adverse effects. The right strategy has to be achieving sufficient security without relying on patching (still do it, but don't depend upon winning the race).
I'm excited to announce that today was my first day as SVP, Head of Security at @Adyen! I love that feeling of starting again where almost everything is brand new (to me).
The new killer NotebookLM feature: easily being able to expand your search beyond your own source files
Then, with today's update, you can also make new output formats: PDFs, DOCX, XLSX, PPTX, charts, etc.
We want NotebookLM to keep helping you do better research
Hi, I’m hiring a Director of Detection Engineering and Threat Hunting. It’s my role, so if your work history is like mine you might be a good candidate.
Read more: https://t.co/jICl5bHCq1