https://t.co/n6VYvNzJsl
so the bug bounty community freaked out a few weeks ago when hackerone had a single slide that talked about using AI agents for testing based off our reports. bugcrowd's new strategy sounds even more brazen, sly and egregious.
submit reports -> your "signals" (aka creative thought process and work) feed into their AI agents -> AI agents find bugs without you (unclear incentive structure).
that's if the technology even works though lol. these days I have trouble even adding collaborators in reports without the app erroring out.
the messaging is so much more slick too. "connect those signals" - does that mean they are training on our reports? at least whoever did this PR release was careful to not blatantly say that they are training on our reports.
but lol what does connecting those signals actually mean at the end of the day? extremely unclear if they train on our reports.
this requires actual transparency from both platforms, not just marketing, and messaging tactics that you use when you're trying to convince you're not a wolf in a sheeps clothing.
Introducing DiffusionBlocks: Block-wise Neural Network Training via Diffusion Interpretation
https://t.co/c9AvsRKybj
What if we didn’t have to hold an entire neural network in memory to train it?
Standard neural net training optimizes all parameters jointly. As a result, the memory required during training grows linearly with the depth of the network.
In our #ICLR2026 paper, we propose DiffusionBlocks, a principled framework to train networks one block at a time, drastically reducing memory requirements while matching end-to-end performance.
With DiffusionBlocks, we split the network into blocks and train them one at a time, so you only need memory for a single block.
How? We explicitly assign each block a role: to move the representation a little closer to the target than the block before it did. That role turns out to be precisely what a diffusion model does, step by step. Each block only needs to optimize its own objective and can be trained independently.
We validated this across five different architectures:
• ViT
• DiT
• Masked diffusion
• Autoregressive transformers
• Recurrent-depth transformers
In each case, performance is competitive with end-to-end training while using a fraction of the memory.
This perspective also extends naturally to recurrent-depth (Looped) transformers, which apply the same network iteratively and normally require expensive backpropagation through time (BPTT). Viewed through DiffusionBlocks, we can replace those multiple iterations with a single forward pass during training.
Read our paper and code, to learn more.
Paper: https://t.co/CRj96VGYQn
GitHub: https://t.co/eNW0K9Xh8E
🐟
Talking to a voice AI LLM over ham radio (on UHF 420.69 megahertz, of course!)
(Note: cool experiment, but be careful: FCC regs require a licensed control operator to be present at the control point the entire time the LLM is operating.)
🦀 Rust zero-cost abstractions aren’t always zero-cost.
Turbopuffer chased a nasty perf cliff and found Rust iterators were silently blocking SIMD in a hot merge loop.
Result: query dropped from 220ms to 47ms.
https://t.co/19Q2hjA0OI
#rust#rustlang
Our security research team were the original reporters of the Metabase Pre-Auth RCE vulnerability (CVE-2023-38646).
You can read our blog post here:
https://t.co/G9icsBuCYB
And our advisory here: https://t.co/MXqJ254S6w
The security research team at @assetnote found and reported a critical pre-auth RCE vulnerability to Metabase earlier this month CVE-2023-38646:
https://t.co/UnfEXB7qk6
This one was an incredibly fun discovery as there are many roads to RCE through JDBC. We've published details of the original discovery at our blog:
Our security research team has published Part 2 of our Citrix Pre Auth RCE analysis (CVE-2023-3519). You can read our research on our blog:
https://t.co/HEYcaaXDQL
Our security research team has published Part 2 of our analysis for CVE-2023-3519 (Citrix Pre-Auth RCE). This writeup includes the correct vulnerable endpoint that is exploitable without any special configuration:
https://t.co/1FeabjAIgG
The security research team at @assetnote discovered a pre-authentication RCE vulnerability through a cryptographic flaw in Citrix ShareFile. It's been assigned CVE-2023-24489. You can read the technical blog post here: https://t.co/02EcdlJKNi
Just blogged about an RCE in GitLab's CLI tool that I found last year, soon after joining their amazing security team.
https://t.co/SEIuFISMMp
#bugbounty#bugbountytips
Our security research team discovered a pre-auth XSS in Citrix Gateway (CVE-2023-24488). This affected over 50k instances on the internet.
You can read about our discovery here: https://t.co/tW07WyvM0O
My colleague, Dylan at @assetnote discovered a pre-auth XSS in Citrix Gateway CVE-2023-24488.
You can read about his work here: https://t.co/uRfoWauo4c
This affected over 50k installations on the internet.