Olivia
Online
ma x
@drivermaxt
Max
Joined January 2022
1.2K Following
37 Followers
2.3K Posts
经过半年的沉淀和一个月的高强度的维护与工程化,从misc-mcp到muteki project,今天正式开源本人半年沉淀的真正意义上的开源的多模型 CTF 求解 AI agent 蜂群,项目地址:https://t.co/CukKfCNa3X
项目的愿景就是做到人如其名,成为真正意义上的无敌。
项目虽然高强度维护和工程化了一个月,但是还有很多地方存在问题,但是核心的框架和架构已完成落地和验证,单人全自动3小时速通RIFFHACK: Black Market Break-In,两小时速通春秋云镜的三个月0解渗透靶场,以及等等各种比赛的一血和题解。
项目框架汲取了很多的社区灵感和经验,我也不希望把这套东西全部藏着掖着弄什么多少多少star才开源xx部分,然后拿着别人的东西硬吹是自己的东西,还要最后说什么怕打击别人自信心。再搞个什么vibe的炫酷官网写一堆没有实际价值的这些东西。
我觉得吸收社区再回馈于社区就够了。欢迎广大ctfer进行尝试使用,目前可能还有一些bug测试的不够充分和一些问题。欢迎随时提issue和评论进行反馈。
感谢@Randark_JMT 给予的渗透测试靶场和writeup用于学习训练
其余两位师傅没有x,就不在这艾特感谢了。
Alisa Liu 在准备 OpenAI 面试时,提到过 斯坦福课程 CS336: Language Modeling from Scratch。
如果你现在想系统学 LLM,或者以后想找 AI research / MTS / ML engineer 相关的工作,这门课很值得放进学习计划里。
CS336 的名字叫 Language Modeling from Scratch,重点也确实在 “from scratch”。它从 tokenizer 开始,一路讲到 transformer、optimizer、PyTorch、GPU、Triton、FlashAttention、parallelism、scaling laws、data pipeline、post-training 和 alignment。
它把一个语言模型从训练前的数据处理,到模型结构、训练效率、算力估算,再到后训练和对齐,串成了一条完整链路。
这对找 AI 工作的人很有帮助。
很多面试可能会:
让你手写 attention
让你解释训练为什么慢
让你判断显存和 FLOPs 怎么算
让你 debug 一个 training loop
让你讨论 data、model size、compute 之间怎么取舍
让你解释 pretraining、SFT、RLHF / RLVR 分别解决什么问题
如果只靠零散资料学,很容易知道很多名词,但不知道它们在一个真实训练流程里怎么连起来。
CS336 的好处是它一直贴着现在行业里真实用的东西讲。2026 版里已经结合最新的LLM模型譬如Minimax来讲这些内容。
更难得的是,Stanford 把课程网站、作业和 YouTube 录像都公开了。看看它的课堂作业, 几乎就是你在公司上班要做的工作。
你在学习CS336的过程中, 可能会需要补充一些基础。同样的, 哈佛和斯坦福都有公开课程帮助你学习这些基础::
Harvard CS50 AI:适合补 AI 基础和 Python 项目感
Stanford CS229:适合补传统 ML 和数学框架
Stanford CS224N:适合补 NLP / transformer 之前的语言模型脉络
Stanford CS231N:适合补 deep learning 和视觉模型
但如果目标是今天的 LLM / AI research / AI infra,CS336 是我会优先推荐的一门。
https://t.co/Wdg5n9rteT
I may have gotten @OpenAI’s ChatGPT-5.5 Pro to produce a candidate counterexample to an open problem from Don Knuth's The Art of Computer Programming.
Exercise 210 in Volume 4, Fascicle 8A (https://t.co/8NhO16kJIC, page 55) asks a question about generating-function denominators for Hamiltonian cycles and paths in knight tours on m x n chessboards. It’s rated HM46, in the range of 46-50 that Don Knuth uses for open problems.
The model produced a computer-assisted counterexample for m = 5. I then used Codex with GPT-5.5 on Extra High settings and @AnthropicAI's Claude Code with Opus 4.8 on Ultracode (on a 20x Claude Pro plan) to independently rebuild and verify the supplied programs and certificates. So far, the checks reproduce the findings and haven’t found any mistakes. That said, this absolutely needs human expert review.
In the interest of transparency, I’m sharing the conversation, writeup, and code below. I’d be grateful if any mathematicians with expertise in Hamiltonian paths, transfer matrices, or knight-tour enumeration could verify or refute the claim. Feel free to contact me via X or via email at [email protected].
I'm also incredibly grateful to Liam Price (@Liam06972452, solver of Erdős Problem 1196) for sharing his LLM-assisted math workflow. Regardless of the final outcome, this has been such a fun and intellectually stimulating experiment!
Links
conversation: https://t.co/JZH47QNDd0
writeup: https://t.co/wNEfIdNRtS
repo: https://t.co/FRjdWcYzUn
P.S. if anyone knows the appropriate way to send a concise note/package to Don Knuth or someone working on TAOCP Fascicle 8A, I’d appreciate guidance, since I know Don doesn't typically respond to emails and prefers correspondences via physical mail.
This is a new paradigm for interacting with Claude that is significantly more "inline" with all the other human activity org-wide. Once you do all of the under the hood engineering work to make this "just work" (e.g. across tools, integrations, compute environments, memory, security, etc.), Claude basically joins the team in a seamless way - you can talk to it as you would talk to a person and it can help with a very large variety of workloads.
Imo this is the 3rd major redesign of LLM UIUX. The first paradigm was that the LLM is a website you go to, the second was that it is an app you download to your computer. This third one is that it is a self-contained, persistent, asynchronous entity with org-wide tools and context, working alongside teams of humans. It really takes a while to wrap your head around it, but it works and it is awesome.
正式开源我的漏洞挖掘工具:https://t.co/wCNN7rb4bq
这是一个基于 AI Agent 的全自动漏洞挖掘工作流,你只要告诉 AI 你要找什么项目的漏洞,它就会自动下载代码和文档,深度审计代码,发现可疑漏洞,自动在本地和线上验证漏洞,最后生成报告。
Alpha leak: 如果你有很多 AI token 用不完,你可以给 agent 一个 goal,让它去各大白帽平台搜索赏金任务,寻找漏洞,获得赏金。
We taught a brand-new mini-series this year at @SCSatCMU on Modern GPU Programming for ML Systems, as part of the ML Systems course, touching on fun questions like what data layout swizzling is, how to use 3D TMA, and state-of-the-art Blackwell programming. We released a curated online book based on the materials: https://t.co/5ZJg2lySNO check it out
We pulled in $117,000 in Chrome bug bounties with simple tricks; on Wednesday, Quang Luong will spill his secrets at the Stanford AI Security Conference:
https://t.co/Fhq0NH13jn
Fun fact: Quang is probably the only researcher in the known universe who still uses Gemini to find bugs.
Before the end of the year, Calif researchers will be presenting at Blackhat USA, Defcon, and Hexacon. We're also hoping to make it to Unprompted AU, OffensiveCon, and Objective By The Sea.
At Black Hat USA, Dionysus Blazakis and the team will walk through the bugs and exploit chain used in the Apple MIE bypass discovered a few months ago.
https://t.co/dfeYJSzFVT
At DEF CON, we will tell the story of hacking software that helps run the Internet backbone.
At Hexacon in Paris, @brucedang and I will give the keynote. Apple announced MIE there last year, so it'll be a fun one. I suspect they only wanted Bruce, but keynotes require a certain amount of professional nonsense, and Bruce is far too honest for that, so I got invited too. My job is marketing, which is to lie without getting caught.
What's wild is that none of this existed at the beginning of the year.
We started with a simple realization: very few people have both deep security expertise and access to the best AI models.
So we went all in and never looked back.
Back in March, we called a company-wide all-hands on a Saturday. The title of the invite was: "AI Tsunami and Our Actions."
I don't want to romanticize overwork, but what we were seeing felt too urgent to wait until Monday.
Then everyone started cooking. The results have been spectacular.
Our research on defeating Apple MIE made it into The Wall Street Journal. We signed major contracts with Anthropic, OpenAI, Google DeepMind, and xAI. While others are celebrating access to the latest models, we've been using them to explore the frontiers of vulnerability research.
In the first half of 2026, we're already surpassing our entire 2025 bookings. Most importantly, we've assembled a top-tier team in record time.
I've read many strategy books, but this is the first time I've witnessed the power of the right strategy at the right time.
Focus is the name of the game. Strategy is deciding what to ignore. For one month and a half, we stopped starting new projects. I've personally shelved a lifelong passion in Vietnam, because it isn't a priority for the company. You can only move fast when you're light.
Several people were upset when we changed direction so abruptly. That's normal. If nobody complains, you probably didn't focus.
Of course, strategy isn't magic. You can make a focused bet and still be wrong. We were fortunate that this one worked out.
None of this would be possible without our partners and supporters across the frontier labs. Thank you.
https://t.co/EL53VW8eIz
https://t.co/XZijYZGI9L
https://t.co/W5m5yxKmHp
https://t.co/V8ph4lzUeB
Sorry guys, World of Claudecraft was too good that it got Fable shut down 🤯
https://t.co/qwlIcpuLCi (7500 users)
https://t.co/kIpmEpqbm5 (440 stars)
https://t.co/Yxn3Cm6fjf
https://t.co/rqciUNWkFB
LLMs explained without all that yucky math stuff
https://t.co/cpgVukSbJx
Claude Code can now run an entire PhD-level research pipeline by itself.
it runs a 10-stage workflow from blank page to publication-ready PDF, replacing the work of a PhD advisor, three peer reviewers, and a copy editor in one repo.
→ Deep research with 13 agents (PRISMA + systematic review)
→ 12 agents write the paper section by section
→ 5-person peer review (Editor + 3 Reviewers + Devil's Advocate)
→ Integrity agent catches fabricated citations + stat errors
→ Final output: LaTeX → PDF, ready to submit
After the paper is finalized, it runs a Collaboration Quality Evaluation that scores YOU, across 6 dimensions, 1–100. Direction setting, intellectual contribution, quality gatekeeping.
It tells you exactly where you were the bottleneck.
Drop it into .claude/skills/ and the whole pipeline auto-loads. Works in Claude Code, Cowork, and as a Claude Project.
100% open source. CC-BY-NC 4.0.
🚨 Mini Shai-Hulud/Miasma has now spread to PyPI.
Socket found 37 malicious artifacts across 19 PyPI packages.
The packages abuse #Python .pth startup behavior to launch a Bun-powered credential stealer targeting developer, cloud, and CI/CD secrets.
https://t.co/tYhmMqvjyw
🚨 Des cybercriminels vendent un générateur de fausses cartes d'identité françaises pour 800 €
La suite logique des fuites de données personnelles est aujourd'hui sous nos yeux : la création de fausses identités toujours plus crédibles.
📂Noms, prénoms, dates et lieux de naissance, adresses, numéros de téléphone, adresses e-mail, parfois même photos d'identité... Des millions de données circulent déjà entre les mains de cybercriminels à la suite de nombreuses compromissions.
Les démonstrations publiées montrent un logiciel permettant de générer et personnaliser des cartes nationales d'identité françaises à partir de photos et d'informations personnelles, tout en affichant un prétendu contrôle de conformité.
Avec des données réelles issues de fuites et ce type d'outil, des fraudeurs peuvent créer des documents particulièrement crédibles pour :
👉usurper une identité ;
👉ouvrir des comptes bancaires ;
👉contourner des procédures KYC ;
👉souscrire des crédits ou services frauduleux ;
👉réaliser des escroqueries administratives ou financières ;
👉créer des comptes sous de fausses identités.
Cette combinaison entre fuites massives de données et outils de falsification toujours plus sophistiqués représente aujourd'hui une menace majeure pour les particuliers, les entreprises et les administrations.
https://t.co/i2OJe0jZTl
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.6M followers
Barack Obama
@barackobama
119.2M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.5M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.2M followers
Justin Bieber
@justinbieber
90.9M followers
KATY PERRY
@katyperry
87.6M followers
Taylor Swift
@taylorswift13
81.4M followers
Lady Gaga
@ladygaga
73M followers
Virat Kohli
@imvkohli
69.8M followers
Kim Kardashian
@kimkardashian
69.8M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.9M followers
Neymar Jr
@neymarjr
62.5M followers
The Ellen Show
@theellenshow
62.4M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.7M followers