Olivia
Online
Leyart
@Leyart
Zurich, Switzerland
Joined February 2012
846 Following
231 Followers
1.4K Posts
Pinned Tweet
Since today @opengrep secures every pull request monitored by Keymaster, our CI/CD security pipeline.
Reach me out if you want to know more about how we did it and how we provided a smooth #DevEx security solution to our engineers with open source tools
#cybersecurity #appsec
@heynavtoor You are a clueless spammer and engagement farmer troll, one more for the banlist
@DrApocalypse Io mi farei due domande su sto risultato predetto a sto punto
@DrApocalypse Gazzetta da l'Italia vincente 2-0 a quanto pare. Ora han rimosso la pagina
Who to follow
@guidepointsec 
@GuidePointSec
GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations make informed decisions and minimize risk.
Andy Touch (Same on 🟦⛅)
@andytouch
Creative Developer / Games, Demos, Tools, VFX!
Loud Gigs / TCG / Weird Films
(He/Him)
MuRo
@MuRo_CG
Shoost developer | Creative Director | Unity,VR | アニメ調の3d表現が得意 | #PlayAniMaker #Shoost | FANBOX https://t.co/GakLb3KY8p | Patreon https://t.co/zh9zRF94N4
@IceSolst And that's why you do it with open source tools.
If you already have to spend time integrating something, it better be something on which you can have full control on and does not cost one kidney of each developer you have
The SIEM Demo Lied to You https://t.co/frytpnD7kG
@HackingDave If only I had the possibility to run a Sonnet 4.6 or 4.5 locally on my machine, that's all I would need for the rest of my life. Let's hope that day comes soon enough
@IceSolst I know that lately their security posture has not been great but I still trust them. What about starting from something like https://t.co/SJ1a9f04fO instead of starting from scratch?
@0xTib3rius As it should be
@IceSolst Even if they would be leaked, it won't matter at that point.
Environmental variables used in production should be synced from a secure vault (e.g. HCV) at runtime, so impossible to be leaked and accessed by an LLM (unless the llm is the prod app itself and has disk/shell access)
@IceSolst Imho secrets on developers machines should be tied just to development environments so low risk because they would not affect anything production related. The code pushed to master used for production deployment would be gated in CI/CD.
@AlfonsoFuggetta Per quanto riguarda il nostro settore e in particolare il mio, Application Security, I modelli anthropic non hanno rivali. Purtroppo non ho ancora trovato modelli Open Source che diano la stessa consistenza e affidabilità di risultato.
We built a multi-agent AI system that produces production-ready Nuclei detection templates overnight. Here's how it actually works.
Multiple specialized agents, three model providers, and an actor-critic refinement loop that iterates on templates until they pass validation.
Each agent uses the right model for the job. Research, code generation, asset correlation in Praetorian Guard, and exploitation analysis — all orchestrated through a structured pipeline.
Read the full architecture breakdown 👇
https://t.co/mXGmHm2qC8
@0xTib3rius @IceSolst Openclaw is just the tip of the iceberg, because it is open source and obviously visible to everyone. The real question nowadays is how many companies with closed source products are following the same trajectory all in the name of delivery speed
@0xTib3rius Too Many Bones, Wroth, Kingdoms Forlorn, Tainted Grail
@0xTib3rius @AcrossPondPod If you need someone telling a story on how to move from fullstack development to application security, feel free to ping me :) it's also a war story
New: I'm sharing the @trailofbits Claude Code defaults. This is how we setup, configure, and use claude code:
https://t.co/aEIXdpCztt
We need a new social contract: I trust you, but your AI agent is a snitch.
We’re chatting on Signal, enjoying encryption, right? But your DIY productivity agent is piping the whole thing back to Anthropic.
Friend, you’ve just created a permanent subpoena-able record of my private thoughts held by a corporation that owes me zero privacy protections.
Even when folks use open-source agents like @openclaw in decentralized setups, the default /easy configuration is to plug in an API resulting in data getting backhauled to Anthropic, OpenAI, etc.
And so those providers get all the good stuff: intimate confessions, legal strategies, work gripes. Worse? Even if you’ve made peace with this, your friends absolutely haven’t consented to their secrets piped to a datacenter. Do they even know?
Governments are spending a lot of time trying to kill end-to-end encryption, but if we’re not careful, we’ll do the job for them.
The problem is big & growing:
Threat 1: proprietary AI agents. Helpers inside apps or system-wide stuff. Think: desktop productivity tools by a big company. Hello, Copilot. These companies already have tons of incentive to soak up your private stuff & are very unlikely to respect developer intent & privacy without big fights (Those fights need to keep happening)
Threat 2: DIY agents that are privacy leaky as hell, not through evil intent or misaligned ethics, but just because folks are excited and moving quickly. Or carelessly. And are using someone’s API.
I sincerely hope is that the DIY/ OpenSource ecosystem that is spinning up around AI agents has some privacy heroes in it. Because it should be possible to do some building & standards that use permission and privacy as the first principle.
Maybe we can show what’s possible for respecting privacy so that we can demand it from big companies?
Respecting your friends means respecting when they use encrypted messaging. It means keeping privacy-leaking agents out of private spaces without all-party consent.
Ideas to mull (there are probably better ones, but I want to be constructive):
Human only mode/ X-No-Agents flags
How about converging on some standards & app signals that AI agents must respect, absolutely. Like signals that an app/chat can emit & be opted out of exposure to an AI agent.
Agent Exclusion Zones
For example, starting with the premise that the correct way to respect developer (& user intent) with end to end encrypted apps is that they not be included, perhaps with the exception [risky tho!] of whitelisting specific chats etc. This is important right now since so many folks are getting excited about connecting their agents to encrypted messengers as a control channel, which is going to mean lots more integrations soon.
#NoSecretAgents
Something like a developer pledge that agents will declare themselves in chat and not share data to a backend without all-party consent.
None of these ideas are remotely perfect, but unless we start experimenting with them now, we're not building our best future.
Next challenge? Local Only / Private Processing: local-First as a default.
Unless we move very quickly towards a world where the processing that agents do is truly private (e.g. not accessible to a third party) and/or local by default, even if agents are not shipping signal chats, they are creating an unbelievably detailed view into your personal world, held by others. And fundamentally breaking your own mental model of what on your device is & isn't under your control / private.
@IceSolst GITHUB_TOKEN=ghs_a1B2c3D4e5F6g7H8i9J0k1L2m3N4p5Q6
Excited to disclose my research allowing RCE in Kubernetes
It allows running arbitrary commands in EVERY pod in a cluster using a commonly granted "read only" RBAC permission. This is not logged and and allows for trivial Pod breakout.
Unfortunately, this will NOT be patched.
@Grummz Why wasting money on that when you could buy a distiller from https://t.co/M0xXQJx2iH
Last Seen Users on Sotwe
Most Popular Users
Elon Musk
@elonmusk
240.6M followers
Barack Obama
@barackobama
119.2M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.5M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.2M followers
Justin Bieber
@justinbieber
90.9M followers
KATY PERRY
@katyperry
87.6M followers
Taylor Swift
@taylorswift13
81.5M followers
Lady Gaga
@ladygaga
73M followers
Virat Kohli
@imvkohli
69.8M followers
Kim Kardashian
@kimkardashian
69.8M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.9M followers
Neymar Jr
@neymarjr
62.6M followers
The Ellen Show
@theellenshow
62.4M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.7M followers