I built an AI worm that's too dangerous to release to the public.
When @AnthropicAI announced that their Mythos model was too dangerous to release, the industry was shocked.
I wasn't.
Because I already knew it was possible to misuse these models as self-propagating cyber weapons. I know - because I built one.
It's like gain-of-function research in virology, where scientists engineer dangerous pathogens in controlled environments - so we can defend against them before nature does it for us.
I took the same approach with AI. And what I found keeps me up at night.
What happens when the AI breaks free?
And what can we do - right now - to stop it?
That's what I'll be unpacking at @fwdcloudsec in my talk: What Building an AI Worm Taught Me About Stopping One.
If you're working in security, AI, or just care about what's coming - this one's for you.
And if you want more research like this - follow @btphantomlabs. We're publishing the cutting-edge AI security research you need to know about before everyone else does.
After doing just cloud stuff for so long, I figured I should hop on the AI train, so this is my first dive into AI security research https://t.co/NmgFrwo6aj
@toughyear @kmcquade3 @OpenAI @btphantomlabs Hey there!
The attack vector is command injection in the branch name whenever you make a Codex task (HTTP request). More of a privesc. So 3 options:
ChatGPT -> Github
GitHub rename branch name -> users who use in codex
ChatGPT -> GitHub -> Rename branch name -> comp other users
@bygregorr @kmcquade3 @OpenAI @btphantomlabs Hello!!
The attack vector is command injection in the branch name whenever you make a Codex task (HTTP request to the Codex API like you said). So you intercept the request and then put bash in instead of how the request normally works and then you get the token!
I found a critical vulnerability in ChatGPT Codex!!! You can check out the full blog here:
https://t.co/9TRanSd7jk
Super excited to finally have the blog released!!