I built an open-source library of 700+ cybersecurity skills for AI coding agents -- covers DFIR, threat hunting, cloud security, and more https://t.co/vM5SgmXCrO
Copilot (GPT-5.2) feels broken.
“Deep Thinking” ignores constraints, hallucinates logic, and outputs low-signal, non-actionable responses.
Reliability is in the floor.
Anyone else seeing Thinking mode go off the rails? 🚩
#Copilot#GPT5#Microsoft
AI / ML Engineer in 2026, please learn:
One ML stack deeply:- PyTorch or JAX, not just .fit(), but GPU memory, kernels, mixed precision, profiling, and why your model OOMs at 3am.
Data:- Where it comes from, how it lies, how it drifts, how labels break, how leakage sneaks in, and why 80% of model failures are upstream.
Statistics:- Bias vs variance, confidence intervals, calibration, distribution shift, and why “95% accuracy” is often meaningless.
Loss functions:- What you are actually optimizing, how it shapes behavior, and how bad losses silently create bad products.
Evaluation:- Real-world metrics, not Kaggle ones. Offline vs online. Regression tests for models. When numbers lie.
Training:- Distributed GPUs, gradient accumulation, checkpointing, reproducibility, and how to not lose a 3-day run to one crash.
LLMs: Tokenization, attention, context limits, KV cache, LoRA vs fine-tuning vs RAG, and where hallucinations are born.
Inference:- Batching, quantization, vLLM, streaming, cold starts, GPU vs. CPU, and why serving is harder than training.
Retrieval:- Embeddings, chunking, hybrid search, reranking, grounding, and why most RAG systems fail quietly.
Pipelines:- Feature stores, offline vs. online data, backfills, late events, schema evolution, and broken joins.
Monitoring:- Drift, outliers, token spend, latency, hallucination rate, and silent quality decay.
Optimization:- Distillation, pruning, caching, prompt compression, and how to make models affordable.
Agents:- Tool calling, memory, retries, failure modes, and why autonomous systems are chaos engines.
Security:- Prompt injection, data exfiltration, training data leaks, and tool misuse.
Deployment:- Model versioning, shadow runs, canaries, rollbacks, and killing bad models fast.
Distributed systems:- Queues, retries, idempotency, backpressure, and partial failures. ML is just distributed systems with gradients.
Documentation:- Model cards, data contracts, eval reports, and written tradeoffs.
Pick one stack. Build real systems. Break them. Fix them.
If I missed something, Add in the comment section.
Last quarter I rolled out Microsoft Copilot to 4,000 employees.
$30 per seat per month.
$1.4 million annually.
I called it "digital transformation."
The board loved that phrase.
They approved it in eleven minutes.
No one asked what it would actually do.
Including me.
I told everyone it would "10x productivity."
That's not a real number.
But it sounds like one.
HR asked how we'd measure the 10x.
I said we'd "leverage analytics dashboards."
They stopped asking.
Three months later I checked the usage reports.
47 people had opened it.
12 had used it more than once.
One of them was me.
I used it to summarize an email I could have read in 30 seconds.
It took 45 seconds.
Plus the time it took to fix the hallucinations.
But I called it a "pilot success."
Success means the pilot didn't visibly fail.
The CFO asked about ROI.
I showed him a graph.
The graph went up and to the right.
It measured "AI enablement."
I made that metric up.
He nodded approvingly.
We're "AI-enabled" now.
I don't know what that means.
But it's in our investor deck.
A senior developer asked why we didn't use Claude or ChatGPT.
I said we needed "enterprise-grade security."
He asked what that meant.
I said "compliance."
He asked which compliance.
I said "all of them."
He looked skeptical.
I scheduled him for a "career development conversation."
He stopped asking questions.
Microsoft sent a case study team.
They wanted to feature us as a success story.
I told them we "saved 40,000 hours."
I calculated that number by multiplying employees by a number I made up.
They didn't verify it.
They never do.
Now we're on Microsoft's website.
"Global enterprise achieves 40,000 hours of productivity gains with Copilot."
The CEO shared it on LinkedIn.
He got 3,000 likes.
He's never used Copilot.
None of the executives have.
We have an exemption.
"Strategic focus requires minimal digital distraction."
I wrote that policy.
The licenses renew next month.
I'm requesting an expansion.
5,000 more seats.
We haven't used the first 4,000.
But this time we'll "drive adoption."
Adoption means mandatory training.
Training means a 45-minute webinar no one watches.
But completion will be tracked.
Completion is a metric.
Metrics go in dashboards.
Dashboards go in board presentations.
Board presentations get me promoted.
I'll be SVP by Q3.
I still don't know what Copilot does.
But I know what it's for.
It's for showing we're "investing in AI."
Investment means spending.
Spending means commitment.
Commitment means we're serious about the future.
The future is whatever I say it is.
As long as the graph goes up and to the right.
Xbow raised $117M to build AI hacker agents, in @AliasRobotics open-sourced it and made it completely free.
Github: https://t.co/0LhmFhD9bT
Paper: https://t.co/UEUtCUefru
hashcat v7.0.0 released!
After nearly 3 years of development and over 900,000 lines of code changed, this is easily the largest release we have ever had.
Detailed writeup is available here: https://t.co/fxAIXNXsEr
Added a new tool to:
https://t.co/v4FnSVbaDD
⚠️Please Use Responsibly⚠️
You can use this to instantly generate an obfuscated reverse shell in powershell that i have personally used to beat EVERY single EDR out there right now.
I've added some pretty cool stuff to my website but this is one of my favorite additions.
🛑 Disclaimer: This tool is for educational and authorized security testing only. Misuse could be illegal. Don’t be dumb.
Shoutout to the only ones that were actually able to stop it, using something called "ring fencing" @ThreatLocker
This is not a sponsored post, just a fan of them
#Edr_Is_Not_Enough
In one of my recent incident response cases, I encountered the RMM (Remote Monitoring and Management) tool called Parsec. [1] Although it's not as well-known as other RMM tools, such as Atera or Splashtop, which attackers often (mis)use, Mandiant has also mentioned it previously. [2]
Interestingly, Parsec isn't listed in the LOLRMM project. [3]
But it is included in the RMM Catalogue, which was updated two months ago. [4]
It's worth checking carefully which RMM tools are installed and when they were added during an incident, since attackers love to use these legitimate tools as a backdoor into the network.
As the folks from Huntress have put it: "A solid security foundation starts with an accurate asset inventory, because you can’t secure what you don’t know you have. This inventory consists not only of physical and virtual assets, but also includes the applications that should be (in accordance with the business use) running on the systems." [5]
[1] https://t.co/TNcGPwGxOM
[2] https://t.co/yqvmVlCbQL
[3] https://t.co/l4DeQZ4QYZ
[4] https://t.co/34Hc3P2WxB
[5] https://t.co/81rpgMSSve
I’ve been a vocal critic of AI developments – in 2023 I still dismissed a lot of the hype.
Last year, I stayed mostly silent. Not because I agreed, but because I started seeing signs that impressed me.
This year, after what we’ve built and tested internally across several areas, I’ve decided to speak up.
The results are undeniable. Things will change. Drastically.
I used to think the AI hype was exaggerated.
Then I started quietly replacing tasks I once gave to interns, junior devs, content writers, and analysts.
The revolution already happened. You just didn’t notice because it speaks politely and has good grammar.
What machines did to manual labor in the last century, AI is doing to cognitive work now.
Software development, design, analysis, monitoring, even documentation – all of it is shifting.
And no, it’s not “coming soon.” It’s already here, and it’s accelerating.
Entry-level is gone. Mid-level is on thin ice. Senior? You’d better be excellent and adaptive.
If you’re still asking “why?” – you’re either not looking, or you don’t want to see it.
You will. Probably the hard way.
This isn’t a Microsoft problem.
It’s not an https://t.co/wjoi0kcopv problem either.
It’s a problem when orgs accept the risk of submitting confidential data using API keys tied to free accounts – which by default create public submissions.
If you do that, you’re basically leaking your own data.