Keep the Robots Out of the Gym
AI is getting so good now (at the end of 2025) that I now have a new, primary recommendation going into 2026: Think very carefully…
Category: Mix
Is Prompt Injection a Vulnerability?
I want to respond to my buddy Joseph Thacker’s blog post about Prompt Injection and whether or not it’s a vulnerability. josephthacker.com Prompt Injection Isn’t…
Exploiting JWT vulnerabilities to achieve RCE
At Intigriti, we host monthly web-based Capture The Flag (CTF) challenges as a way to engage with the security research community. This month, we’ve decided…
The AI Quality Paradox | Daniel Miessler
When excellence itself becomes the marker of AI, not human talent November 24, 2025 Nano Banana Pro has shown me a type of AI dystopia…
Keep the Robots Out of the Gym
AI is getting so good now (at the end of 2025) that I now have a new, primary recommendation going into 2026: Think very carefully…
Thoughts on Prompt Injection OPSEC
I want to respond to this blog post that’s arguing that prompt injection strings are essentially zero-days that we should not share with attackers. I’ll…
Prompt Injection Isn’t a Vulnerability · Joseph Thacker
OKAY. OKAY. OKAY. It can be a vulnerability. But it’s almost never the root cause. I think we need to change how we talk about…
Judge AI by Outputs, not Mechanism
This song captures extraordinarily well why arguments about AI understanding are completely misguided and empty. This is a blues version of “Without Me” by Eminem…
Prompt Injection Isn’t a Vulnerability · Joseph Thacker
Stop calling Prompt Injection a vulnerability. It’s not one. And it’s actually causing a lot of confusion in the handling of AI Vulnerability reports. We…
How to Secure Them This Black Friday — API Security
Can you ever imagine the impact on your business if it went offline on Black Friday or Cyber Monday due to a cyberattack? Black Friday…
Leave the em dash Alone
I’m annoyed by all the hate against the em dash. As Matthew Butterick captures brilliantly, it adds pauses to sentences. Or more specifically and importantly…
![[tl;dr sec] #306 - Claude Code's Hacking Campaign, Rust in Android, Secrets Scanners Miss](https://image.cybernoz.com/wp-content/uploads/2025/11/tldr-sec-306-Claude-Codes-Hacking-Campaign-Rust-in.png){kind=small}
[tl;dr sec] #306 – Claude Code’s Hacking Campaign, Rust in Android, Secrets Scanners Miss
I hope you’ve been doing well! I’m stoked to announce I’ll be doing a webinar with my friend Daniel Miessler on his epic AI setup.…