From my experience all software developers are now security engineers whether they know it, admit to it or do it. Your code is now the security of the org you work for. #GoldenAgeOfDefense
You’re right. The hype is gaslighting.
Most of what gets posted is theater. But the reason it looks like nothing useful gets produced is that 90% of people are pointing AI at huge vague tasks and getting slop.
Where I see it actually work is small, well-scoped, testable stuff with tight guardrails. Spec driven development.
A lot of the spec driven AI people I know are not on Twitter posting “magic solutions” to fix AI. They are getting work done and building product.
This is exactly what I author in my courseware and I’m grateful folks are listening. The MCP spec helps, and the work of the AISVS team which I’m on also helps. Some are really doing this work, in class, in standards and in practice. 🤙 I’m grateful for the folks I work with who care about this. You too!
@IceSolst Sophos got a huge security report from Tavis on a Friday night, said thank you, and spent the weekend fixing it all.
After I saw it go down, all corporate response is second to that.
Fix your damn bugs. 🐞
@enjojoyy Research loops, spec driven development runs.
If I spend waking hours building machine readable specifications for applications, I can let CC run all night.
I’ve noticed that Claude Code works brilliantly with well designed applications using modern frameworks, and problems really show up in messy multi-framework legacy garbage.
So a theory is, Claude is way better for new applications designed well. Codex is better for going after legacy messes where serious surgery is needed.
So for those doing spec driven development on modern frameworks? Your experience is likely positive.
Those vibe coding legacy messes? You likely hate Claude.
I’m curious if this matches your experience!
It's becoming increasingly important to understand the real security properties of cryptographic key storage. A related problem is secure provisioning of those cryptographic keys.
The shortcut is to just learn from established systems vs. slowly rediscovering the need for them.
I'm delivering a webinar on Claude Code (spec driven development) to help us all use Claude Code and other AI coding tools with quality, security and maturity.
This will land June 15 @ 10am PT. Hope to see you there. I love doing these and feel it's high value info for you!
https://t.co/KFPkAS5lj9