Andreas

> install chrome in 2010 because it's faster > let it save every password > let it autofill cards, addresses, ssn > google builds a file on you fatter than your therapist's > "we don't sell your data" → FALSE > data broker leak: 800m chrome profiles dropped on a torrent > your meds, your porn, your debts, your affair: all of it > insurance premium doubles > loan denied, no reason given > landlord ghosts you > nobody owes you an explanation > mfw "if you have nothing to hide you have nothing to fear"

“The vulnerability with the highest CVSS score in this month’s update is a critical remote code execution flaw in the Microsoft Devices Pricing Program. CVE-2026-21536 (CVSS score: 9.8), per Microsoft, has been fully mitigated [...] Artificial intelligence (AI)-powered autonomous vulnerability discovery platform XBOW has been credited with discovering and reporting the issue.” https://t.co/w9hhiuot2R

The window between vulnerability disclosure and real-world exploitation keeps shrinking. The Zero Day Clock visualizes how fast attackers are operationalizing new CVEs. What used to take months now often happens in days, or hours. The future needs to be Secure by Design. https://t.co/zFXOSKB7eq #AppSec #CyberSecurity

Kali just published a guide on piping pentesting tools through Claude's API and didn't mention data security once. You're sending scan results, target info, and potentially sensitive findings to a third party LLM. "The Most Advanced Penetration Testing Distribution" should probably mention that. https://t.co/HBLYd09cjz

>OSS everyone rely on get too many PRs from bots >OSS teams start using Claude Security to review PRs >Malicious PR w/ prompt injection in tests >PR marked safe by CS >Human reviewer read CS report instead of diff >Report sounds good, merges the PR >OSS repo compromised, cascade

The universal pattern 1. Attacker controls target server 2. Server returns payload in banner/HTTP/DNS/cert 3. AI tool captures raw output 4. Output enters LLM prompt with ZERO sanitization 5. LLM follows attacker's instructions Pick your favorite AI pentest tool off GitHub untrusted external data treated as LLM instructions.