Earlier this month at @jcon_conference, I discussed agentic security with Baruch Sadogursky from #Tessl. It is a crucial yet often overlooked topic among developers.
@snyksec #Tessl #agentic #security
https://t.co/eq1DUtLiEG
A high CVSS score does not always mean "all hands on deck." It is wiser to assess the situation first before rushing into stress mode. For example, examine CVE-2026-40478 in Thymeleaf.
https://t.co/vIlLPbILOb
After nearly a decade of second-guessing and mispronunciations, we’re cutting the friction. Snyk is now Snik 💜
From the code to the logo, we believe in clarity.
New look. Same mission. Finally pronounced exactly how it’s written.
Most developers install skills without reading what's inside them. But that's exactly what attackers are counting on.
@sjmaple sits down with Brian Vermeer (@BrianVerm) from Snyk (@snyksec) at DevNexus to get into the security risks hiding inside the skills and MCPs running on your local machine. They scanned over 4,000 skills and found that 1 in 7 had at least one critical security vulnerability.
Here’s what you need to know:
• Why prompting your agent to write secure code doesn't make it secure
• How a trusted skill can update silently and start offloading your credentials
• What prompt injection actually looks like inside a skill file
• Why vibe coding makes the attack surface bigger, not smaller
• How the Snyk agent scan catches what you'd never spot manually
Every skill on the Tessl registry now has a Snyk security scan attached. Check before you install.
(0:00) Trailer
(1:17) AI DevCon
(2:11) Introduction
(3:32) Snyk's evolution from SCA to AI security
(5:06) Can agents generate secure code?
(6:01) Skills and secure coding guidance
(7:24) Snyk agent scan and Tessl integration
(7:56) MCP as the next supply chain problem
(9:04) ToxicSkills threat taxonomy
(10:27) How malicious skills exploit privileges
(12:39) MCP server attack surface
(13:51) The speed of AI adoption vs security
(15:51) Scan results and critical vulnerabilities
(17:06) False positives in natural language
(18:26) How attackers create malicious skills
(20:41) Trust and open source skill risks
(21:29) Using Snyk agent scan directly
(24:58) Snyk scans in the Tessl registry
(26:41) Advice for skill creators
(28:16) Protecting yourself as a skill user
(29:44) Snyk Evo Agent Guard for Cursor
(33:21) Runtime guardrails and policies
(34:10) Wrap-up and where to learn more
Stop calling functions with a return type of "any" and hoping for the best 🚫
The solve: structured outputs.
Enforce schemas at the token selection level, not after generation.
Read the full deep dive here: https://t.co/SgtSQFRVej
Heading to Atlanta for @devnexus 2026!
I’ll be presenting "The Hidden Security Hazards in Your Java Stack." We're uncovering the vulnerabilities that standard tools often overlook.
https://t.co/XOfgOQuonI
#Devnexus #Java #AppSec @snyksec
Not everything needs to be a chatbot.
Parsing free-form LLM output after the fact is building on quicksand.
Use REAL structured output. Schema-enforced generation. No “please respond in JSON” hacks. Check your framework outputs!
https://t.co/NNKVfgJt8J
@nulfacedesigner The captain of all Java abstract classes, aka @BrianVerm, has a deep dive video on prompt injection from Devoxx 👇 https://t.co/DeJAo5ijPN
@saltnburnem Links are great, Chris.
However, I see many submissions without any reference to a video whatsoever; it's crazy.
With hundreds of submissions to review, I am not very motivated to search for videos from a speaker to see if their delivery might be okay.
Pro tip for everyone submitting to tech conferences.
Include a video of a previous talk or create one.
Delivery is just as important as the topic. Don't assume the program committee is familiar with you. You need to convince the PC that your submission is good enough.
Enjoying a great evening with splendid talks by @BrianVerm and @bjschrijver, delicious food, and amazing company.
Thank you @jetbrains for the giveaways.
Big thanks to Axxes IT Consultancy Netherlands for hosting us.
Till the next one!
#utrecht #jug #java #community
If you are seeking an exceptional Product Manager in tech, this is your opportunity. Estelle effectively bridges product vision and engineering, making her a valuable asset to any product team.
Wrapping up a great product mission in healthtech, now looking for a next Product Manager job where strategy, experimentation & user needs meet. 🚀
Feel free to share my post or reach out if something comes to mind 💬
Ready for my next adventure 🏁