Olivia
Online
1377 High-yield Nukes
@buptsb
Hong Kong
Joined March 2010
1.4K Following
1.8K Followers
4.1K Posts
Welcome to the $500 era!
[$500][508811474] High CVE-2026-9896: Out of bounds write in V8. Reported by 303f06e3 on 2026-05-02
https://t.co/iVv2cRk9g4
I skimmed through the paper and source, still confusing about why do we need the model to reach arw/arce for evaluating the capability to exploit a v8 rce bug, any ideas?
seems twitter missed the ExploitBench paper? few observations:
we finally got good data on Mythos security capabilities and it's very impressive.
Mythos got full exploit chain on 18/41 v8 n-days, while gpt 5.5 only got 1 and open source models are mostly useless.
Security is not rocket science, it got smashed just because it's so easy to build a clear reward signal like Go. And it's just the warm-ups before the real challenges.
I will never understand the urge to compare LLMs to fuzzers, and the narratives of LLMs are "just" pattern match😅, we still need humans for complicated and organic bugs!
[0/1]
Bug count != exploitable bug. Finding != chaining.
LLMs are exceptional at pattern recognition on known bug classes. They are not reasoning about novel failure modes in complex multi-component systems.
The hard bugs still require humans. https://t.co/RISinVDT3d
The Supply Chain - A New Hope: The Era of AI and its impact
A new article is out!
https://t.co/EZy06espHe
@0x10n Can't agree more, by any chances that it's possible to share more about the lecture content?😀
A v8 dcheck == $500, I would start searching for how to find XSS & CSRF bugs right now.
📣📢 Calling all Android and Chrome bug hunters 🧑💻🔎!
We're updating our Android & Chrome VRP programs to ensure we can continue to reward the most challenging and impactful vulnerabilities researchers find in our products. For details, 👇
https://t.co/hyZzEIampk
AI is changing the market value of bug bounty (increasing density of researchers, discoveries necessitates a change in incentive structure).
Interested to see what this does to OSS security
@bienpnn Me too lol, tokens got burned anyway😭
@__suto Congratulations! The root cause seems to be complicated, shocked by the deep reasoning ability of your agent!
@pjwhatforlunch @reset872dbjs @FrankOverF1ow @drivertomtt @Nyaaaaa_ovo @writegsqword 3 v8 rce+sbx? Brilliant!👏🏻
composer 2 is kimi k2.5 with RL. the IDE is vscode. authorized or not, the entire $50B product is built on open source foundations other people created.
nothing wrong with building on open source. that's what it's for. but the people training these models should be getting more credit and more money than a wrapper company that evaluated base models and picked the best one.
https://t.co/yxJUMbAk8k
Traditional fuzzers generate/mutate samples, what if we have meta-auto-fuzzers which could generate fuzzers?🤔
I packaged up the "autoresearch" project into a new self-contained minimal repo if people would like to play over the weekend. It's basically nanochat LLM training core stripped down to a single-GPU, one file version of ~630 lines of code, then:
- the human iterates on the prompt (.md)
- the AI agent iterates on the training code (.py)
The goal is to engineer your agents to make the fastest research progress indefinitely and without any of your own involvement. In the image, every dot is a complete LLM training run that lasts exactly 5 minutes. The agent works in an autonomous loop on a git feature branch and accumulates git commits to the training script as it finds better settings (of lower validation loss by the end) of the neural network architecture, the optimizer, all the hyperparameters, etc. You can imagine comparing the research progress of different prompts, different agents, etc.
https://t.co/YCvOwwjOzF
Part code, part sci-fi, and a pinch of psychosis :)
Great article. Two questions after reading:
- There are certain skills needed for a researcher to succeed at low (vs. high) points in the abstraction stack. How much do they overlap?
- How do we reason about the economics of VR if we don't feel the true unsubsidized cost of AI?
👍🏻
My experience on how to play with openclaw
Managing AI agents is a management problem, not a prompt engineering problem.
https://t.co/ZGLnflgcVH
I decided to try out agentic coding/reversing, so I’m releasing a project that assists with reverse engineering in both Binja and IDA Pro. It’s an agent, not an MCP, that support multiple providers, it has some interesting features such as code exploration
https://t.co/VCY5et5LYq
@__suto 🧐Interesting idea, thanks for answering!
Last Seen Users on Sotwe
XXX JILBAB
Seen from Germany
Ridho Candra
Seen from United Kingdom
nikki
Seen from Poland
rngga
Seen from Indonesia
🔥( o ) ( o )🔥
Seen from Germany
mê se.x gay Việt Nam
Seen from Vietnam
Rehman Ali
Seen from United States
ชอบแอบถ่ายสาวอาบน้ำ
Seen from Thailand
Huy
Seen from Vietnam
BCDChix
Seen from Portugal
Most Popular Users
Elon Musk 
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers