Ian Gorrie

this is the worst day in the modern human history… > axios attack occurred. 100M devices at risk of malware attack. > claude code source code got leaked, people literally put it on github. which confirms maybe mythos will probably not be the best model. > 4TB of secret data leaked from Mercor. > opus consuming entire limits in two prompts. > google announced how crypto is at severe risk after quantum made it possible to break crypto in just 10k qubits.

Holy shit… 4TB of job INTERVIEWS, RESUMES, and AI SECRETS just leaked from a $10 BILLION startup. MERCOR uses AI to match people with high-paying gigs and literally records your face, voice, KYC docs and keeps it forever to “match” you with jobs. Your FACE + VOICE + ID could be on the dark web right now. Hackers (Lapsus$) claim they stole 4 TB through the company’s Tailscale VPN: - 211 GB of candidate resumes and personal data - Terabytes of video interviews + passport + KYC docs - Almost 1 TB of source code damn that Claude Mythos "God Tier" at Cyber stuff got into the wrong hands lol

this is actually insane > be tech guy in australia > adopt cancer riddled rescue dog, months to live > not_going_to_give_you_up.mp4 > pay $3,000 to sequence her tumor DNA > feed it to ChatGPT and AlphaFold > zero background in biology > identify mutated proteins, match them to drug targets > design a custom mRNA cancer vaccine from scratch > genomics professor is “gobsmacked” that some puppy lover did this on his own > need ethics approval to administer it > red tape takes longer than designing the vaccine > 3 months, finally approved > drive 10 hours to get rosie her first injection > tumor halves > coat gets glossy again > dog is alive and happy > professor: “if we can do this for a dog, why aren’t we rolling this out to humans?” one man with a chatbot, and $3,000 just outperformed the entire pharmaceutical discovery pipeline. we are going to cure so many diseases. I dont think people realize how good things are going to get

Just hacked a VC-funded Voice AI company. I now have their prod data. I now have access to all: > medical information of customers > call recordings, phone numbers, contact names > email addresses > all SYSTEM_PROMPT for all agents they are running > API keys and Secrets > org data > OAuth Provider IDs > all webhook_events Mostly, I did IDOR and BAC attacks to get the data. I was able to retrieve all table columns and other access vulnerabilities. Once I had that, it was very easy to bypass and get all the data.

an open source AI tool was just caught BREACHING 600+ Fortinet firewalls across 55 COUNTRIES fully AUTONOMOUS, zero human in the loop its called CyberStrikeAI 100+ offensive security tools baked in, nmap, sqlmap, metasploit, nuclei, burpsuite, the entire attack chain automated you literally chat with it > hack this target, make no mistakes AI agents coordinate the attack themselves, one does recon, another scans, another exploits, another writes the report, they talk to each other and adapt based on what they find this is cobalt strike meets chatgpt except its free, open source, and backed by a state actor