Olivia
Online
Pinned Tweet
Attackers also have managers and budgets.
StubZero: $148,337 RCE in Google Cloud Production
https://t.co/m7cBnSTaj4
Introducing TxAnalyzer, an open-source AI-powered blockchain attack transaction analyzer
Pulls traces, opcodes, and contract artifacts with one command, then automatically identifies root causes of exploits via AI Agents.
Runs as a Skill — plug into Claude Code / Cursor
https://t.co/imGXl8IXjc
传说中的DeepSeek天才少女、雷军千万年薪挖角的罗福莉也开始发推了。
帖子里最生动的段落是关于她第一次使用复杂 Agent 脚手架的经历。她用的词是:orchestrated Context,编排过的上下文,我理解就是现在比较火的 Harness Engineering。
她说第一天就被震惊了,然后试图说服团队去用,没成功,于是下了一个硬性命令:
> MiMo 团队里,明天对话数不到 100 条的人��可以辞职了。
这个管理风格相当激进,但有效。一旦团队的想象力被 Agent 系统的能力点燃,这种想象力就直接转化成了研发速度。
一方面确实霸气,一方面也让我有点意外,原以为大模型团队应该是更积极拥抱这种从传统 Chat 模型到 Agent 模型范式变化的。
其他都是“干货”
1. 提前押注的架构优势
1T 底座模型几个月前就开始训练了,当时的目标是长上下文推理效率。采用了 Hybrid Attention 机制(混合注意力,简单说就是不让所有 token 都互相关注,而是让一部分用全局注意力、一部分用局部注意力,大幅降低计算成本),支持百万 token 上下文窗口,加上 MTP 推理层(Multi-Token Prediction,一次预测多个 token 而不是一个一个蹦,推理延迟和成本都大幅下降)。
这些架构决策在当时并不时髦,但它们恰好成了 Agent 时代的结构性优势。
2. 为什么 MiMo 团队能这么快
罗福莉在做 DeepSeek R1 的时候亲眼见证过的真实总结:
— 基座与基础设施研究周期很长。你需要在它产出回报的一年前就有战略定力。
— 后训练的敏捷性是另一种能力:靠产品直觉驱动评估,压缩迭代周期,及早捕捉范式转换。
— 还有那些不变的东西:好奇心、敏锐的技术直觉、果断的执行力、全力以赴。
以及一样很容易被低估的东西:对你正在为之构建的世界,发自内心的热爱。
3. 模型会开源的,等模型稳定到值得开源的时候。
Who to follow
b1ue0cean
@b1ue0cean7
Baby sec researcher; @Fuzhou_Uni Bachelor|@AarhusUni_int Master; SFT SEC & AI SP; Looking for a PHD position in 2027 spring
moxiaoxi 
@m0xiaoxi
CEO & Founder @Clouditera | PhD, Tsinghua University | CTF player of Tea-Deliverers & Blue-Lotus | Building CloudRouter @ https://t.co/cUNfMJI47Y
publicqi
@publicqi
@solayer_labs @fuzzland_ CTF @Shellphish @StrawHat_CTF W&M. Opinions are not my own and purely LLM-generated
Here is an interesting job opportunity for a security researcher (bug bounty experience advantageous):
https://t.co/Gd6Y9zfvwF
"Competitive salary and a generous equity package"
https://t.co/3lnmdbnnTz
tl;dr Today, we’re announcing our new company @EntireHQ to build the next developer platform for agent–human collaboration. Open, scalable, independent, and backed by a $60M seed round. Plus, we are shipping Checkpoints to automatically capture agent context.
In the last three months, the fundamental role of the software developer has been refactored. The incredible improvements from Anthropic, Google, and OpenAI on their latest models made coding agents so good, in many situations it’s easier now to prompt than to write code yourself. The terminal has become the new center of gravity on our computers again. The best engineers can run a dozen agents at once.
Yet, we still depend on a software development lifecycle that makes code in files and folders the central artifact, in repositories and in pull requests. The concept of understanding and reviewing code is a dying paradigm. It’s going to be replaced by a workflow that starts with intent and ends with outcomes expressed in natural language, product and business metrics, as well as assertions to validate correctness.
This is the purpose of our new company @EntireHQ, to build the world's next developer platform where agents and humans can collaborate, learn, and ship together. A platform that will be open, scalable, and independent for every developer, no matter which agent or model you use.
Our vision is centered on three core components: 1) A Git-compatible database that unifies code, intent, constraints, and reasoning in a single version-controlled system. 2) A universal semantic reasoning layer that enables multi-agent coordination through the context graph. 3) An AI-native user interface that reinvents the software development lifecycle for agent–human collaboration.
In pursuit of this vision, we’re proud to be backed by a $60M seed round led by @felicis, with support from @MadronaVentures, @m12VC, @BasisSet, @20vcFund, @CherryVentures, @picuscap, and @Global_Founders alongside a global group of builders and operators, including @GergelyOrosz, @theo, Jerry Yang, @oliveur, @garrytan, and many others, who all recognize that the time is now to take such a big swing.
And we begin shipping today with Checkpoints, a new primitive that automatically captures agent context as first-class, versioned data in Git. When you commit code generated by an agent, Checkpoints captures the full session alongside the commit: the transcript, prompts, files touched, token usage, tool calls, and more. It’s our first crack at the semantic layer, as open source CLI on GitHub.
From here on out, no more stealth. We are building in the open and as open source! More to come soon, in the meantime check out all the details in our blog.
推荐吕鹏开源的 Agmente 项目,让你可以从 iOS 手机上操作 Coding Agent Coding Agent。
OpenClaw 让我们看到了很多从手机指挥 Agent 的有趣场景,通过 Agmente 你可以在手机上跟 Gemini CLI、Claude Code、Qwen 等 AI 编程 Agent 对话,实时查看它们的工具调用和执行结果。
吕鹏是 VS Code 团队的工程经理,主导了将 Copilot Coding Agent 和 GitHub Copilot CLI 集成到 VS Code 的工作,可以说他是最了解编辑器如何与 AI Agent 对接这件事的人之一。
Agmente 最特别的地方在于它实现了 ACP(Agent Client Protocol,智能体客户端协议)——一个正在快速崛起的开放标��。
ACP 要解决什么问题? 现在 AI 编程 Agent 越来越多(Claude Code、Gemini CLI、Codex CLI……),编辑器/IDE 也很多(VS Code、Zed、JetBrains、Neovim……)。如果没有统一标准,每个编辑器想接入每个 Agent 都要单独写一套集成代码,反过来每个 Agent 想支持每个编辑器也一样。这就是经典的 M×N 问题。
ACP 就是来解决这个问题的。它的角色类似于当年的 LSP(Language Server Protocol)——LSP 让任何编辑器都能接入任何语言的智能提示,ACP 则让任何编辑器都能接入任何 AI 编程 Agent。Agent 实现一次 ACP,就能在所有支持 ACP 的客户端上运行;客户端实现一次 ACP,就能接入整个 Agent 生态。
从这个项目也反映出 AI Agent 发展中几个值得注意的趋势:
1)Agent 正在脱离桌面束缚。 以前编程 Agent 只能在 IDE 或终端里跑,Agmente 让你在手机上就能监控和交互。想象一下:你让 Claude Code 在远程服务器上干活,然后出门遛弯时在手机上查看进度、审批工具调用——这就是 Agmente 支持的场景。它通过 WebSocket 连接远程 Agent,还支持 Cloudflare Tunnel 做安全访问。
2)标准协议正在改变游戏规则。 就像 MCP 让 Agent 能统一访问各种工具和数据源一样,ACP 让 Agent 能统一接入各种客户端界面。一个 Agent 写一次 ACP 适配,就能同时在 VS Code、Zed、JetBrains、甚至手机上被使用,这大大降低了 Agent 生态的碎片化。
3)从“人用编辑器”到“人监督 Agent”的范式转变。 Agmente 的交互设计很能说明问题——它重点展示的不是代码编辑界面,而是对话历史、工具调用和执行结果。这暗示了一种新的开发模式:开发者的角色从写代码变成下达指令、审核 Agent 的行为。
We found a RCE in Google's AI code editor Antigravity - $10000 Bounty
Link to the blog in comments:
https://t.co/2jEmqyL5hI
Co-RedTeam - Orchestrated Security Discovery and Exploitation with LLM Agents - https://t.co/PROF9m4NNF by @Google
We propose Co-RedTeam, a security-aware multi-agent framework for automatic software vulnerability discovery and exploitation, explicitly designed to overcome core limitations of existing LLM-based security systems, namely brittle single-shot reasoning, lack of execution-grounded validation, and the inability to learn from prior attacks.
Inspired by how human security experts conduct red teaming, Co -RedTeam tightly integrates four capabilities essential for realistic cybersecurity tasks: security grounding, code-aware analysis, execution-driven reasoning, and experience accumulation.
Authors: Pengfei He, Ash Fox, Lesly Miculicich, @stfn42, Daniel Fabian, Burak Gokturk, @tangjiliang, @chl260, @tomaspfister, Long T. Le - @michiganstateu
#AISecurity #LLMAgents #RedTeaming #VulnerabilityResearch #AppSec #SecureCoding #AIForSecurity #OffensiveSecurity #AgenticAI #CybersecurityResearch #CodeAuditing #ExploitDevelopment
Introducing: GhostKatz! 🐱
A Cobalt Strike BOF that lets you dump LSASS via exploitation of vulnerable drivers that offer physical memory read primitives.
Written by @EricEsquivel123 and I!! :)
https://t.co/tmuksIKvj8
The speed of AI development is absolutely mind-blowing every single day! 🤯 Checking out these tips from the Claude Code creator - totally agree that finding your own workflow is key.
I'm Boris and I created Claude Code. I wanted to quickly share a few tips for using Claude Code, sourced directly from the Claude Code team. The way the team uses Claude is different than how I use it. Remember: there is no one right way to use Claude Code -- everyones' setup is different. You should experiment to see what works for you!
This is my first Linux kernel exploit for Google kCTF, and the patch commit is now public: https://t.co/PAtEnUXjpF
Actually, this bug was found by AI while analyzing 1-day variants, I'd like to share my approach for these AI things to find bug, and exploitation write-up later.
What's actually happening during the plateau?
The model isn't stuck. It's reorganizing its internal representations.
During 10,000 "useless" epochs:
→ Circuits form and dissolve
→ Weight patterns crystallize
→ Spurious correlations get pruned
→ True structure emerges
It's like insight in humans. Slow, then sudden.
Blog post: On the Coming Industrialisation of Exploit Generation with LLMs https://t.co/aK4pysY1wD
TL;DR: I ran an experiment with GPT-5.2 and Opus 4.5 based agents to generate exploits for a zeroday QuickJS bug. They're pretty good at it.
Code: https://t.co/47xHRObhRy
Want to see what top-notch security research looks like?
Look no further than @j_domeracki's latest research, a standout contributor to the Google Cloud VRP! 🪲💪
https://t.co/lEsYWZuQMf
Sulaiman Ghori(昵称Sully)是xAI的一名工程师,近日在一档播客节目中接受采访,畅谈xAI内部文化和项目进展。然而,这次畅所欲言直接导致他被马斯克开除。
完整视频地址:https://t.co/k6DiIQMjNq
原因很简单:他把xAI最核心的战略路线图和商业机密全说出来���。
他到底泄露了什么?
1. Macrohard项目的核心概念
Macrohard是xAI正在开发的人类模拟器(Human Emulator)项目。Sully在采访中详细解释了这个概念:
> 我们正在构建的是人类模拟器……任何人类在数字世界中通过键盘鼠标输入、看屏幕做决策的事情,我们都直接模拟人类的行为。不需要任何软件适配,我们可以部署到任何人类目前所在的场景中。
这相当于把产��定位和技术路线完全公开给了竞争对手。
2. Tesla汽车作为部署平台的战略计划
这是最劲爆的部分。Sully透露了一个尚未公开的重大战略:
> 如果我们想部署100万个人类模拟器,我们需要100万台计算机。怎么做到?答案两天后就出现了——Tesla汽车的计算机。
他进一步解释:
- 北美有约400万辆Tesla汽车
- 其中一半以上配备Hardware 4
- 这些车70-80%的时间处于闲置状态(通常在充电)
- xAI可以付费租用车主的闲置算力来运行人类模拟器
- 车主可以用这笔钱来支付租赁费用
> 这是纯软件实现,不需要任何基础设施建设。
这个信息的敏感程度不言而喻——这是xAI相对于OpenAI、Anthropic、Google等竞争对手的重大战略优势,现在被公开了。
3. 与竞争对手完全相反的技术路线
Sully透露了xAI在模型策略上的核心决策:
> 对于其他实验室的人类模拟器尝试,他们的方法是做更多推理、构建更大的模型。我们的决定让我们走上了完全相反的道路。
xAI选择的是速度优先:
- 目标是比人类快1.5倍,实际可能达到8倍甚至更快
- 使用更小的模型,可以更快迭代(从4周缩短到1周)
- 逻辑是:没人愿意等10分钟让电脑做一件我5分钟就能做完的事,但如果10秒就能完成,多少钱我都愿意付
4. 内部测试细节
Sully还透露他们已经在公司内部部署虚拟员工进行测试:
> 我们开始在公司内部测试人类模拟器作为员工……有时候有人会说“嘿,你能帮我做这件事吗?”
> 虚拟员工说“好的,来我桌子这边”,结果他们走过去发现什么都没有。
> 有好几次有人问我:“组织架构图上这个向你汇报的人今天没来吗?”,那只是一个AI虚拟员工。
5. 营收目标和价值估算
虽然没有透露具体数字,但他说了这些:
> 我们现在大约是每个commit价值250万美元,我今天做了5个。
>
> 所以你今天创造了1250万美元的价值?
>
> 是的,杠杆效应极其强大。
他还提到Macrohard有具体的营收目标,并且每天都在计算延误或加速带来的收入变化。
6. 团队规模和运营细节
- iOS团队在某个时期只有3个人
- Macrohard项目最初只有2个人
- 销售团队全是工程师
- 公司内部几乎没有文档(我们做事太快,没时间写文档)
- 管理层只有三层:IC、联合创始人/经理、Elon
---
为什么这些信息如此敏感?
对竞争对手的价值
1. 产品方向:现在OpenAI、Anthropic、Google都知道xAI在做什么了
2. 技术路线:小模型+速度优先的策略被公开,竞争对手可以评估是否跟进
3. 部署策略:Tesla算力网络的计划暴露了xAI独特的竞争优势
4. 内部进度:竞争对手可以估算xAI的发展阶段
对xAI的商业影响
- Tesla汽车租用算力的计划可能需要重新评估
- 与客户的保密协议可能受到影响(他提到了与客户合作测试人类模拟器的细节)
- 内部文化和运营方式被完全曝光
@brutecat Massive congrats! �� Hitting RCE on a hardened environment like GCP is no small feat. Really curious about the methodology here - was it a logic flaw in a specific service or something deeper? Can't wait for the writeup to drop, definitely turning on notifications!
Do LLMs actually help hackers reverse engineer and understand the software they want to exploit?
We ran the first fine-grained human study of LLMs + reverse engineering.
To appear at NDSS 2026.
Interested? Some quick findings in 🧵👇
Paper: https://t.co/h4oBWjSgd3
interesting finding bro🎅
Early Merry Xmas to my community!🎅🏻🎄
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.6M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers