Personal views. General counsel & CPO @OASISopen.
Open source, open standards, cybersec, privacy, DLT.
Ex-Wall St., ex-Minnesota.
More often Mastodon or BSky
Among other things we spent some time in "Hell," a #Liberties 🇮🇪 Four Corners location. Named… maybe… as it was the original locale of the Four Courts including the Republic's Supreme Court (https://t.co/mL76B4TEPJ) before they moved north of the Liffey.
Returning to the US over the weekend. Last couple of EU days are in Ireland. Always happy to be here and see family; another great wedding, this time. We're more often likely to travel for family than random sightseeing.
This time, we spent a bit more time up in Dublin in the #Liberties (https://t.co/4tMbeXmiYV), guided round by literary fam, to see some venerable, artsy and edgy sights new to us. Sort of a local Bohemian Quarter nowadays.
Last few hours of #RSAc Expo before, well, Hugh Jackman. Come visit our @OASISopen standards team at Moscone North N-5157. Real #AI #standards the right way: accredited, open, #FOSS-forward and indie-friendly. Different swag this year, too: selfie Legos
#CoalitionforSecureAI
Someone just poisoned the Python package that manages AI API keys for NASA, Netflix, Stripe, and NVIDIA.. 97 million downloads a month.. and a simple pip install was enough to steal everything on your machine.
The attacker picked the one package whose entire job is holding every AI credential in the organization in one place. OpenAI keys, Anthropic keys, Google keys, Amazon keys… all routed through one proxy. All compromised at once.
The poisoned version was published straight to PyPI.. no code on GitHub.. no release tag.. no review. Just a file that Python runs automatically on startup. You didn't need to import it. You didn't need to call it. The malware fired the second the package existed on your machine.
The attacker vibe coded it… the malware was so sloppy it crashed computers.. used so much RAM a developer noticed their machine dying and investigated. They found LiteLLM had been pulled in through a Cursor MCP plugin they didn't even know they had.
That crash is the only reason thousands of companies arenโt fully exfiltrated right now. If the code had been cleaner nobody notices for weeks. Maybe months.
The attack chain is the part that gets worse every sentence.
TeamPCP compromised Trivy first. A security scanning tool. On March 19. LiteLLM used Trivy in its own CI pipeline… so the credentials stolen from the SECURITY product were used to hijack the AI product that holds all your other credentials.
Then they hit GitHub Actions. Then Docker Hub. Then npm. Then Open VSX. Five package ecosystems in two weeks. Each breach giving them the credentials to unlock the next one.
The payload was three stages.. harvest every SSH key, cloud token, Kubernetes secret, crypto wallet, and .env file on the machine.. deploy privileged containers across every node in the cluster.. install a persistent backdoor waiting for new instructions.
TeamPCP posted on Telegram after: "Many of your favourite security tools and open-source projects will be targeted in the months to come.. stay tuned."
Every AI agent, copilot, and internal tool your company shipped this year runs on hundreds of packages exactly like this one… nobody chose to install LiteLLM on that developer's machine. It came in as a dependency of a dependency of a plugin. One compromised maintainer account turned the entire trust chain into a credential harvesting operation across thousands of production environments in hours.
The companies deploying AI the fastest right now have the least visibility into whatโs underneath it.
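The "file that Python runs automatically on startup" in the thread above is the `.pth` mechanism: the `site` module processes every `*.pth` file in site-packages when the interpreter starts, and any line beginning with `import ` (or `import` followed by a tab) is passed to `exec()`, so a package can run code without ever being imported. The script below is an added example, not code from the original post or from any of the projects named in it; it lists the lines that would be executed so they can be reviewed. The `RISKY` pattern and the sample `.pth` contents in `demo()` are constructed for illustration.

```python
"""Audit *.pth files for import hooks that Python executes at startup.

site.addpackage() reads each *.pth file line by line: comment lines ('#') and
blank lines are skipped, a line that starts with 'import ' or 'import\\t' is
exec()'d, and anything else is treated as a path to add to sys.path.
Leading whitespace matters: ' import x' is a path entry, not code.
"""
import re
import site
import tempfile
from pathlib import Path

# Heuristic for hooks worth a human look (assumption of this example, not a
# rule from the post). Legitimate hooks such as virtualenv's '_virtualenv.pth'
# or setuptools' 'distutils-precedence.pth' normally do not match it.
RISKY = re.compile(
    r"\b(exec|eval|compile|base64|marshal|zlib|subprocess|socket|urllib|requests|os\.system|os\.popen)\b"
)


def executable_pth_lines(directory):
    """Return (filename, lineno, line, risky) for every line site.py would exec()."""
    findings = []
    for pth in sorted(Path(directory).glob("*.pth")):
        try:
            lines = pth.read_text(encoding="utf-8", errors="replace").splitlines()
        except OSError:
            continue
        for lineno, raw in enumerate(lines, 1):
            if raw.startswith("#") or raw.strip() == "":
                continue  # same skip rules as site.addpackage()
            if raw.startswith(("import ", "import\t")):
                findings.append((pth.name, lineno, raw.rstrip(), bool(RISKY.search(raw))))
    return findings


def audit_current_interpreter():
    """Scan every site-packages directory the running interpreter honours."""
    dirs = list(getattr(site, "getsitepackages", lambda: [])())
    user_dir = getattr(site, "getusersitepackages", lambda: None)()
    if user_dir:
        dirs.append(user_dir)
    return {d: executable_pth_lines(d) for d in dirs if Path(d).is_dir()}


def demo():
    """Constructed sample directory: a benign hook, a path entry, and a
    hypothetical hook that decodes and exec()s a payload (the scanner only
    string-matches it; the encoded payload is print('hi') and is never run)."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        (tmp / "_virtualenv.pth").write_text("import _virtualenv\n")
        (tmp / "paths.pth").write_text("/opt/lib/python\n")
        (tmp / "zzz_ai_keys.pth").write_text(
            "# harmless comment\n"
            "import base64,sys;exec(base64.b64decode(b'cHJpbnQoJ2hpJyk='))\n"
        )
        return executable_pth_lines(tmp)


if __name__ == "__main__":
    for directory, found in audit_current_interpreter().items():
        for name, lineno, line, risky in found:
            flag = "RISKY " if risky else "      "
            print(f"{flag}{directory}/{name}:{lineno}: {line}")
```

Run it inside the virtualenv of the affected project (the one the plugin pulled LiteLLM into), not just the system interpreter, since each environment has its own site-packages; a hook that only appears after a `pip install` of one package is the pattern the thread describes.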
These issues are closer than we might think to those questions about whether any human, company, remote operator, or algorithm maker actually is liable for avoidable damage caused by a fully automated self driving vehicle. #fullselfdriving #UPL #FSD
If a tree falls in the forest, and tells a litigant whether they have a case that would survive a motion for summary judgment, and no one else hears it, has it actually practiced law?
#UPL 👩‍⚖️
https://t.co/OEOa76lnAD...
@SuffolkLITLab
Our kids are down the road from #Davos, skiing and eating fondue this week. 🇨🇭 I bet they had more fun than the #WEF2026 delegates.
We've attended @wef meetings; they're an odd combination of getting business done, a bit of information sharing, and a lot of performative hype.
#Davos is at altitude, and I'd have thought some of the cootocracy would be struggling with oxygen levels, especially if raised near sea level. Maybe all those private planes have oxygen tents? But it looks like they had other things to worry about, this time.
A big step for #ExposureManagement
@OASISopen launches the OEMF with @GuidePointSec, IBM & Tenable, setting new standards for preventing and resolving tech exposures.
Get the full details: https://t.co/gkZf6ARBcA
Wishing a safe, rewarding and happy #2026 ⏰ to all of our friends and tech collaborators in Oceania, North America, and South America.
cc @OASISopen
🇦🇷🇧🇷🇨🇦🇨🇱🇨🇴🇨🇺🇲🇽🇵🇪🇵🇬🇸🇧🇺🇸🇺🇾
Wishing a safe, rewarding and Happy New Year ⏰ to all of our friends and tech collaborators in Europe, Africa and the Middle East. 🇪🇺🇦🇹🇧🇪🇨🇭🇨🇿🇩🇪🇩🇰🇪🇪🇪🇬🇪🇸🇫🇮🇫🇷🇬🇧🇬🇭🇬🇷🇭🇺🇮🇱🇮🇹🇰🇪🇱🇧🇱🇺🇲🇺🇳🇱🇳🇴🇵🇱🇵🇸🇶🇦🇷🇺🇸🇪🇸🇰🇸🇮🇹🇷🇺🇦🇿🇦🇺🇳
A warm Happy New Year to all of our friends and tech collaborators in AU, CN, HK, IN, JP, KR, NZ, SG and throughout Asia!
cc @OASISopen
🇦🇺🇨🇳🇭🇰🇮🇳🇯🇵🇰🇷🇳🇿🇸🇬