@nol_tech@IceSolst Traditional pentesting and web3 audits share this bullshit from clients but in different ways.
We flag stuff that they judge useless. You don't flag useless stuff (for the business context), and they complain.
@NumeroLmou9ana3 I hate it everytime I be reading “wow X or Y moroccan “startup” just raised and then you see that they deliver food or sell some fkin matcha with vitamins
@theleviaaron@crptAtlas Plan mode tries to structure what you want it to give you as an output and steps to get there
But you don’t have that much control and automation
You can’t sum up the whole process of software engineering by just pressing PLAN
AI agents are supposed to handle your Web3 transactions… but new attacks like BioShocking trick them into handing over credentials by convincing the AI that “2+2=5.”
Google DeepMind research shows hidden prompts, steganography & memory poisoning succeed 80%+ of the time.
We’re building agents faster than we can secure the environment they read.
#AIAgents #Web3 #Security
@theo So glad that the competition is playing its role here. AI would probably have been completely inaccessible if some OpenAI guys hadn’t left to build Anthropic
We need a serious non profit organism for security researchers
You can’t depend on the goodwill of platforms and you can’t have your career achievements denied or deleted whenever it pleases them
We are important actors of the ecosystem and yet most of the time we are treated like shit
@endpointarena Not a fan of certain moral decisions left to AI, but this is definitely the future. I’d rather have that than deal with long and annoying support.
Slopsquatting is going to break npm.
AI suggests a package that doesn’t exist => attacker registers it with malware => your agent installs it.
The future of package management has to be verifiable-by-default, not "trust the registry + hope the AI isn’t hallucinating"
@BetterCallMedhi C'est quoi maintenant on doit utiliser des vieux tels en mesh sous PGP pour avoir le droit a une conversation privée ?
Ca fait mal de voir ce genre de chose se généraliser partout dans le monde quand on a grandit avec l'internet libre...
I love how bridging became pretty frictionless in web3. A few years ago we still had to use a bunch of weird bridges, adding many redundant boring steps.
One under-discussed part of the recent security data is how often wallet-related issues contribute to losses compared to pure smart contract exploits.
It’s a reminder that even strong protocols can be undermined if the keys protecting user funds were created or handled poorly from the start
@xenumonero Monero is fine, they probably exploited bad opsec habits. I mean why would you KYC if you are a criminal launching a platform in the darkweb