Pavel Shabarkin

if LLMs are the main threat for cyber attacks, then probably the best defense is just littering everything with tons of prompt injections. Hack the LLMs while they try to hack your system. Whenever they hit the wrong port, return a prompt injection. Whenever there's a JSON that accepts extra fields, add prompt injection there. Hidden prompt injection in every html tag. Smart contracts with utf encoded prompt injection in the bytecode. This is not advice -- just public brainstorming of research ideas.

CAREFUL: anthropic built a signature system into claude code. every API request gets signed with a cch= hash thats computed in compiled zig code if you recompile the client yourself it just sends zeros instead. they can instantly tell its not legit right now you literally can't use your anthropic sub on ANY third party tool. only official claude code or pay for api credits separately currently decompiling the official binary to reverse this - would be huge for all third party clients like opencode, openclaw etc to fully bypass anthropic enforcement and actually use the tokens you're already paying for

My startup was hacked! I launched my own travel eSIM service, eSIMPal It started making money, the users were happy, and all was good, but today I woke up to a hacked website Somebody managed to get three 50 (!) GB eSIMs for Kuwait and Saudi Arabia for free, and we started using them heavily I wired up Claude, and we discovered the issue: the user could pass a parameter from the client to the server and make the eSIM cost 0 dollars I fixed the issue and blocked this user, and he only managed to use 5 GB worth of data The internet is full of sharks, boys – triple test all the payment-related code, make sure different LLMs cross-check each other's work Now I'm writing code with GPT-5.4 and making Opus 4.6 review everything for vulnerabilities And my hacker bro, if you are reading this, I'll get you your Saudi eSIM, don't worry Use the promo code IHACKEDESIMPAL for 10% off and chill

Was going to write something like this post months ago, injective was horrible during a crit I found in their protocol 3 months ago and was approved to be at leat High by Immunefi. But I don't like to publicly shame projects, I just see their slow and unresponsive and dismissive behaviour especially with reasons that don't make sense and move on and not even bother looking at their codebase.

we spoke to a company today who's security team is so concerned by ai code they're considering banning ai tools your first reaction might be "they're gonna get left behind" but if you are practical their concerns aren't invalid if you are a huge multi national org with tens of thousands of employees and they just got a button that appears to do their work, it's gonna get pushed a lot and the process around knowing what is making it to production is totally melting being honest we're all getting a bit lazier see that kiro related aws outage as a real life example so they're genuinely arguing over how much this is going to be allowed esp since the net productivity gains for the average dev seem to be pretty low

One underrated downside of LLMs getting better is that they're quietly killing team communication during audits. Before, you'd ask a teammate if they understood a specific mechanism, or bounce questions about the codebase off each other. Now, most of the time you're better off just asking your LLM directly. The set of questions still worth asking your teammates (or even the client) instead of your LLM is shrinking fast.