My new book Blitzscaling Security is now available.
Dive into the mind of Alex, the first security engineer at a scale-up, and experience the brutal truth behind designing security that protects and boosts the business.
The gloves are off with this one :)
https://t.co/35AxFmPAhE
anthropic is at risk of making a big mistake
it's something we've seen too many times before
imagine having the crazy goal of building a platform - something thousands of companies and products are built on top of
you realize just building the platform isn't enough, so you start to build tools that make it easier to use the platform and demonstrate its capabilities
these tools get their own names and identities and teams working on them
and very quickly these teams forget they only exist to drive people onto the platform
and then one day someone external makes a tool that accomplishes that goal and does it even better
it should be a moment of success - this is the original dream, to see great things built for your platform
but structurally these teams have long forgotten that so it's a moment of competition. in the worst cases they even try to squash it
we've experienced this building SST and how some teams at AWS saw our work as competitive even as we were driving dollars to AWS and tapping into a market they could never reach
there are exceptions - cloudflare has invested resources in helping us even though they have wrangler, somehow their teams are set up in a way to not see us as a threat
but it's a real test - we'll soon be able to see if anthropic as an org is really aligned with becoming a platform or if they fall into this same trap
@lifeof_jer sorry this happened to you guys.
Some clarifications are needed: agents are not sentient beings. Someone, a human, created and prompted that agent. Someone, a human, left those powerful API keys. Someone, a human, failed to limit and scope the agent’s capabilities.
That’s where the controls failed first and foremost.
@chamath’s take on Mythos is dead right. A few points:
• A capable security researcher can already find plenty of vulns with current models. I tried it. It’s pretty wild. Every company should already be doing this, by the way.
• There are already plenty of vulns to choose from. What do people think? That every company is fully up to date on every known vuln? Boy, do I have news for you.
• A 2-month (or even 9-month) moratorium is just theater. Choosing 100 partners is a farce. The real world is massively decentralized, with hot spots everywhere: transportation companies, electrical grids, hospitals, logistics networks, and thousands of other companies running critical workloads you’ve never heard of.
• Still on this moratorium, OK we found the vulnerabilities. Cloud providers create new bundles of Linux/FreeBSD images. Great. Will companies automatically upgrade all their software stack overnight? It does not work that way. Roll out new machines, fix broken dependencies, upgrade libs, roll out slowly service by service... weeks or months of work for a single upgrade of a single system in most setups. Upgrades are hard because shit tends to break. A LOT.
It's the companies that need a head start because that's the choke point, not the tech/cloud providers.
• “Exploit chains” sound scary, but if an attacker has a choice between chaining a delicate string of exploits or tricking an admin into installing a fake extension / Zoom update / whatever, they’ll choose option 2. And since option 2 is almost always on the table, well... the ROI equation likely stays the same.
• By releasing this model to a select few, Anthropic is choosing winners and losers. I could find and fix critical vulnerabilities at my company right now… but I can’t. So instead I remain at the mercy of the select few companies they chose, hoping not one of those hundreds of thousands of employees is ill-willed or willing to betray their confidentiality agreements. Thanks. I’ll sleep better at night.
I could go on, and there are many counter arguments that I can already hear coming, but my point is: the head start is being granted to the actors who are already the fastest movers (AWS, Google, etc.), while the real risk accumulates in the slowest-moving edge organizations that inherit the vulnerabilities downstream.
People mock vibecoding but if you can oneshot dependencies to reduce your exposure… not a bad thing. This used to be a Google-like luxury. Perhaps not anymore.
LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM PyPI release 1.82.8 has been compromised: it contains litellm_init.pth with base64-encoded instructions to send all the credentials it can find to a remote server and self-replicate. Link below.
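The post points at a `.pth` file as the foothold, and that is worth understanding from the defender's side: Python's `site` module processes every `*.pth` file in site-packages at interpreter start-up, and any line beginning with `import` (followed by a space or tab) is exec'd, so a malicious wheel gets code execution on every Python start without the package ever being imported. The scanner below is an added example, not LiteLLM code and not the indicator from the incident; it walks the interpreter's site-packages directories and flags executable `.pth` lines carrying tokens (base64, exec, sockets, subprocess) that a legitimate `.pth` hook essentially never needs. The two sample `.pth` bodies are constructed, and the base64 blob in the suspicious one decodes to "ABC"; the scanner only reads text and never executes anything.

```python
"""Scan .pth files for start-up hooks of the kind described in the post.

site.py exec's every line of a *.pth file that starts with "import " (or
"import\t"); every other line is treated as a path entry. Added example,
not LiteLLM code; the two samples at the bottom are constructed.
"""
import re
import site
import tempfile
from pathlib import Path

# Tokens that a legitimate executable .pth line (e.g. "import _virtualenv")
# essentially never needs; any hit deserves a human look.
SUSPICIOUS = re.compile(
    r"base64|exec\s*\(|eval\s*\(|compile\s*\(|__import__|marshal|"
    r"subprocess|urllib|socket|os\.system|codecs\.decode"
)


def executable_lines(text):
    """Return (line_no, line) for every line site.py would exec."""
    return [
        (n, line)
        for n, line in enumerate(text.splitlines(), 1)
        if line.startswith(("import ", "import\t"))
    ]


def scan_pth_text(text, name="<pth>"):
    """Flag executable .pth lines that contain suspicious tokens."""
    findings = []
    for n, line in executable_lines(text):
        match = SUSPICIOUS.search(line)
        if match:
            findings.append(
                {"file": name, "line": n, "match": match.group(0), "text": line}
            )
    return findings


def scan_dirs(dirs):
    """Scan every *.pth file found directly in the given directories."""
    findings = []
    for directory in dirs:
        for pth in sorted(Path(directory).glob("*.pth")):
            try:
                findings.extend(
                    scan_pth_text(pth.read_text(errors="replace"), str(pth))
                )
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
    return findings


def scan_site_packages():
    """Scan the site-packages directories of the running interpreter."""
    return scan_dirs(list(site.getsitepackages()) + [site.getusersitepackages()])


# Constructed samples. BENIGN mirrors what ordinary .pth files look like;
# SUSPICIOUS_SAMPLE mirrors the shape described in the post (an import line
# that base64-decodes and exec's a blob). The blob decodes to "ABC", and
# nothing here is ever executed by the scanner.
BENIGN = "/usr/lib/python3/dist-packages\nimport _virtualenv\n"
SUSPICIOUS_SAMPLE = "import base64, sys; exec(base64.b64decode('QUJD'))\n"


def demo_scan():
    """Write both samples to a temp dir and scan it; returns the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "benign.pth").write_text(BENIGN)
        Path(tmp, "litellm_init.pth").write_text(SUSPICIOUS_SAMPLE)
        return scan_dirs([tmp])


if __name__ == "__main__":
    for hit in demo_scan() + scan_site_packages():
        print(f"{hit['file']}:{hit['line']}: {hit['match']!r} in {hit['text']}")
```

Running the file scans the constructed samples and then the live site-packages of whichever interpreter runs it, so it slots into a CI job or a host-inventory script; pairing it with a hash of each `.pth` file's contents turns it into a change detector rather than a one-off check.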
I mean yes it’s a scandal, but having gone through actual SOC 2, ISO 27001, PCI DSS and other types of audits, I don’t see how this is radically different than what auditors do.
Do people really think that an ISO auditor actually looked properly at system configs and ran deep and proper technical checks?
Most of these certs are rubber stamps anyway, this is just a step up in terms of the compliance charade.
Delve, a YC-backed compliance startup that raised $32 million, has been accused of systematically faking SOC 2, ISO 27001, HIPAA, and GDPR compliance reports for hundreds of clients. According to a detailed Substack investigation by DeepDelver, a leaked Google spreadsheet containing links to hundreds of confidential draft audit reports revealed that Delve generates auditor conclusions before any auditor reviews evidence, uses the same template across 99.8% of reports, and relies on Indian certification mills operating through empty US shells instead of the "US-based CPA firms" they advertise. Here's the breakdown:
> 493 out of 494 leaked SOC 2 reports allegedly contain identical boilerplate text, including the same grammatical errors and nonsensical sentences, with only a company name, logo, org chart, and signature swapped in
> Auditor conclusions and test procedures are reportedly pre-written in draft reports before clients even provide their company description, which would violate AICPA independence rules requiring auditors to independently design tests and form conclusions
> All 259 Type II reports claim zero security incidents, zero personnel changes, zero customer terminations, and zero cyber incidents during the observation period, with identical "unable to test" conclusions across every client
> Delve's "US-based auditors" are actually Accorp and Gradient, described as Indian certification mills operating through US shell entities. 99%+ of clients reportedly went through one of these two firms over the past 6 months
> The platform allegedly publishes fully populated trust pages claiming vulnerability scanning, pentesting, and data recovery simulations before any compliance work has been done
> Delve pre-fabricates board meeting minutes, risk assessments, security incident simulations, and employee evidence that clients can adopt with a single click, according to the author
> Most "integrations" are just containers for manual screenshots with no actual API connections. The author describes the platform as a "SOC 2 template pack with a thin SaaS wrapper"
> When the leak was exposed, CEO Karun Kaushik emailed clients calling the allegations "falsified claims" from an "AI-generated email" and stated no sensitive data was accessed, while the reports themselves contained private signatures and confidential architecture diagrams
> Companies relying on these reports could face criminal liability under HIPAA and fines up to 4% of global revenue under GDPR for compliance violations they believed were resolved
> When clients threaten to leave, Delve reportedly pairs them with an external vCISO for manual off-platform work, which the author argues proves their own platform can't deliver real compliance
> Delve's sales price dropped from $15,000 to $6,000 with ISO 27001 and a penetration test thrown in when a client mentioned considering a competitor
Python 3.13 tightened SSL validation, requiring an additional extension in certificates. Good, right?
Wrong. No one is gonna go through the pain of rotating their CA just for a silly obscure extension that barely prevents any real-world attack, so there will be a wave of verify_ssl=false in codebases.
Typical example of narrow security thinking and opposite consequences.
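The concrete change behind this is that Python 3.13's `ssl.create_default_context()` enables `VERIFY_X509_STRICT` (and `VERIFY_X509_PARTIAL_CHAIN`) by default, so a private CA or leaf certificate missing an extension RFC 5280 requires, such as an Authority Key Identifier, is now rejected. The added example below is not from the post; it shows what `verify_ssl=False` actually boils down to next to a narrower workaround that keeps chain and hostname validation on and clears only the strict flag until the CA can be reissued. Everything used is the standard library; the `fetch` helper is defined to show where the context goes but is not run.

```python
"""Keep TLS verification on while relaxing Python 3.13's strict X.509 checks.

Added example, not code from the post. Compares the context that
verify_ssl=False produces with one that only clears VERIFY_X509_STRICT.
"""
import ssl
import urllib.request


def what_verify_false_does():
    """The context that verify_ssl=False / verify=False boils down to."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # any certificate, any issuer, any name
    return ctx


def keep_verification_drop_strict(cafile=None):
    """Chain and hostname validation stay on; only RFC 5280 strictness goes.

    cafile: optional path to the private CA bundle (None = system trust store).
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.verify_flags &= ~ssl.VERIFY_X509_STRICT
    return ctx


def describe(ctx):
    """Plain-data summary of the settings that matter, for logging or tests."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "strict_x509": bool(ctx.verify_flags & ssl.VERIFY_X509_STRICT),
    }


def fetch(url, ctx):
    """Thread the context through urllib; returns the HTTP status."""
    with urllib.request.urlopen(url, context=ctx, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    print("verify_ssl=False ->", describe(what_verify_false_does()))
    print("strict off only  ->", describe(keep_verification_drop_strict()))
```

Clearing the flag is a stopgap, not a fix: the point of the comparison is that it loses one RFC 5280 conformance check, whereas `verify_ssl=False` loses the issuer check and the hostname check at once, which is the part that actually stops an on-path attacker. Logging `describe(ctx)` at start-up makes the weaker setting visible in code review and in production logs instead of buried in a kwarg.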
The article assumes humans stop adapting, capital gains vanish, and markets freeze.
You cannot delete incentives from the model, have everyone passive, make AI the only dynamic player and build predictions. That’s simply the wrong world model. Thousands of years of history say otherwise.
JUNE 2028.
The S&P is down 38% from its highs. Unemployment just printed 10.2%. Private credit is unraveling. Prime mortgages are cracking. AI didn’t disappoint. It exceeded every expectation.
What happened?
https://t.co/JzzwCrbJgS
@Money7218 My goal was to capture hacker thought patterns and ways of thinking. The tech is just an excuse to illustrate that.
So hopefully very relevant in that regard.
Hack Like a Ghost is closer to what you’ll see in a cloud environment however.
@Jason@theallinpod Welfare state => more attempts to illegally immigrate => bigger voter base for those that allow them in.
Yes it’s that simple indeed, just follow the incentives.
Prompt injections through zendesk tickets, feature requests, free text fields in the app…we’re not ready for the mess this will cause via claude code directly hooked to these attacker-controlled sources.
@bcherny legit question: how do you think about that? You see a world where LLMs (or the underlying tooling) will distinguish data from actual context? (Replay of parametrized statements)