Olivia
Online
Parsia Hakimian
@CryptoGangsta
"Trust this man, he has a Power Glove."
Appsec and Static Analysis @ MSFT.
^(๐ฎ๐ท|๐บ๐ธ|๐จ๐ฆ)-ian$
Vancouver, BC / Redmond, WA
Joined June 2009
959 Following
3.6K Followers
9K Posts
ย Pinned Tweet
My very opinionated rant on getting started with AI and static analysis.
https://t.co/eDMPJ4GeqK
(Hoping) They are alive and well somewhere,
The smallest sprout shows there is really no death
- Song of Myself by Walt Whitman
@udunadan They mentioned gpt-4o-mini was performing better than larger models.
A lot of overlap with the presentation and this blog: https://t.co/9RLma2yqRV
Attended an internal talk by Taesoo Kim (of team Atlanta AIxCC) and holy shit it was a breath of fresh air. An actual nuanced take about LLM vuln research from someone who has already done it as opposed to all the Claude code hype people here.
Who to follow
Soroush Dalili 
@irsdl
Hacker (ethical), web appsec specialist, trainer, tools builder & apps breaker ๐ธ๏ธhttps://t.co/YipuTcYnWc๐ฅท ๐A dad-joke maker๐
Louis Nyffenegger
@snyff
Founder/CEO/Trainer/Researcher/CVE archeologist @PentesterLab. Security engineer. Bugs are my own, not of my employer...
Niemand
@niemand_sec
Security Researcher at @xbow - Founder at @SwordBytesSec - Ex @immunityinc - #BugBounty hunter https://t.co/x39yDRfZoA - Blog https://t.co/5P8YS1OKbh
@udunadan 3. Issue with Claude Code style VR: AI finds and AI judges. Requires a lot of human capital to verify the code and see the proof. They had much better luck with AI having access to validation harness where it could actually test its hypothesis. Granted a lot of AIxCC is fuzzing.
@udunadan What stuck with me was:
1. Larger models do not automatically mean better. They had better answers from mini models that think less and do not hallucinate for specific tasks
2. The LLMs were a small part of AIxCC, the harness and validations are the major part. /1
@tetsuo_cpp You should
Be
Writing
Like
This.
@skytaleSythe @HaifeiLi Haha. I got lucky and sold a bunch at 540 and 520 but yeah I have kept everything since the.
@HaifeiLi I donโt know cloudflare said that. I was making fun of the market randomly selling companies
@m19o__ It's the perfect opportunity to create SARIF for Markdown!
@amaanq It just the building block of every static analysis tool, no biggie ;). Thank you very much for maintaining tree-sitter.
I use models for static analysis everyday. You have to give them targeted prompts and use โtraditional sastโ to pinpoint the code to ~10KBs of hotspots to get good results. Granted a small code base in my scope is 100MBs of code so YMMV.
I am still long tree-sitter.
Introducing Claude Code Security, now in limited research preview.
It scans codebases for vulnerabilities and suggests targeted software patches for human review, allowing teams to find and fix issues that traditional tools often miss.
Learn more: https://t.co/n4SZ9EIklG
@m19o__ Thank you
@HaifeiLi Haha yeah I am sure. I literally have to use traditional sast to reduce the code to a few KBs before LLMs become usable so I am still long Office and tree-sitter.
@HaifeiLi Haha. My grant price was $420 so I am not that much under water. I actually do not hold a lot of MSFT outside of recent vests after I saw SP500 is basically tech so I cashed out to buy a home
@udunadan I only use OpenAI models running in our own Azure subscription.
@moyix Text has always been dangerous. Instruction manuals and warnings on packaging. We haw now decided to talk to machines so we need the same guard rails.
@TR4NNYKISSER People lionize and dream of being "the only person who knows X and changes $$$/hr." In my industry (security), a lot of entry level steps like helpdesk have been effectively cannibalized or outsourced but are still expected by the old guard.
@TR4NNYKISSER There is an unfortunately not so small section of experienced engineers who think this is good and provides job security. Weโve had companies who claimed to only hire seniors, Netflix being the most prominent off the top of my head.
The industry has been going down this path.
Last Seen Users on Sotwe
ๅ็กใใ
Seen from Japan
SANGEEEAN
Seen from United States
bbw hunter ๐โฅ๏ธ
Seen from Switzerland
Z ๐ NO COMMS
Seen from Singapore
nyl
Talal Raja
Seen from Pakistan
kalaisexy
Seen from Malaysia
Malay Best๐ฒ๐พ๐ฒ๐พ
Seen from Malaysia
Veyah แฅซแญก
Seen from Algeria
เธฅเธณ เนเธเธข เนเธเธฃเธดเธเน เธฅเธน เธฎเธต
Seen from Thailand
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers