"AI is giving attackers a huge advantage!"
"Yes, it is. It's amazing how quickly it has destroyed dev, sec, ops, management, company missions and priorities, regulations, information literacy, and civil society, making everyone more vulnerable."
@cR0w Hi, yes. This is me. I am dev, sec, ops, management that has been destroyed making everyone more vulnerable.
Mostly dev, sec & ops... but there was some mild management in there (against my better judgement).
This is exactly the truth. AI is a tool. But it's a tool that has been given some kind of mystical authority over long term thinking.
@cR0w Yeah, that's a much better description.
Lead in the paint, asbestos in brake pads...is such a good description. That's exactly right.
So many people thought that stuff was so innocent.
@cR0w I got this great idea, right?
So you know the game darts? You throw a sharp pointy metal spike at a wall... right?
What if... get this... instead of a tiny little bitch spike, we go full 9 inches? Have kids throw them just straight in the air... see what happens.
What'cha think?
I used to play with those as a kid. We called them jarts (or lawn darts). They disappeared for some reason. 🤔
@Jimijamflimflam
We had some when I was younger. Bright colored plastic death sticks were the best!
We used to play that very game with the old stabby ones. It was a group game.
@cR0w
Depending on the thrower, that could make things really tricky.
Like... imagine if you were playing with, or against someone with a piercing?
@jackryder @cR0w @TheGreatLlama
*magnetic* lawn darts
@cR0w @jackryder I would go a lot further than that. LLMs are a "tool" in the same sense as chainsawing off your own leg is a "tool."
Except chainsawing off your leg does a shitload less damage.
This isn't lead in the paint where it's safe till the paint starts failing. This is Bhopal including the UCAR response.
@Mustardfacial @jackryder That's completely fair.
At best it lets people who are mediocre at their jobs output a higher quantity of mediocre work.
But that is the "benefit" as seen by so so many people.
@cR0w @jackryder But that is the "benefit" as seen by so so many people.
This is unfortunately the truth.
@Mustardfacial @cR0w @jackryder exactly this. And they also were not DIRECTLY harmful. Asbestos wrapped around pipes is totally safe, UNTIL you disturb it or it starts breaking up into fibers. Lead paint is safe as long as it isn't crumbling because the lead content is fully contained.
Slop is immediately harmful for no benefit. There is no safe state. It only APPEARS to increase mediocre output when in fact it only increases DEFECTIVE output.
@Mustardfacial @cR0w @jackryder as a subscriber to multiversal theory, I sometimes joke:
Three dimensions over, scientists are debating whether it was ethically right to kill Hitler in the cradle.
Two dimensions over has a supersoldier that punches Nazis into other dimensions.
One dimension over, scientists are debating the ethics of exiling young Hitler to another dimension.
And over here we're going 'where the fuck are all these Hitlers coming from!?'
I'm extremely good at what I do - belonging to that mythical home computer generation that started programming in ASM and never stopped learning how _everything_ works. To no one's surprise I'm thus working in cybersec today, partly as an ethical hacker focusing on hw/fw exploits at the really tricky low level stuff.
A few days ago I tested, for fun, having Mistral AI's Devstral-2 model do an analysis of a firmware dump of an eMMC I had just extracted from a fully proprietary ARM-based IoT device.
In a minute or so it had made the same conclusions as I would myself, nicely documented, on not just standard partitions and what they contained but also the fully custom stuff with no standard markers at all - including making "educated guesses" at the likely boundaries between headers and data, and what the data could be based on number of bits/bytes and entropy.
The question is whether you will now consider me to be mediocre.
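As an added illustration (not the poster's tooling and not Devstral's output) of the entropy-based boundary guessing the post describes: a sliding-window Shannon entropy pass over a constructed "dump" that separates a text-like header, a random payload and zero padding. The 512-byte window and the entropy thresholds are assumptions, not values from the post.

```python
import math
import random
from typing import List, Tuple

BLOCK = 512  # window size in bytes (assumption, chosen to match a common sector size)


def shannon_entropy(chunk: bytes) -> float:
    """Bits per byte of a chunk: 0.0 for a constant run, 8.0 for a uniform byte spread."""
    if not chunk:
        return 0.0
    counts = [0] * 256
    for b in chunk:
        counts[b] += 1
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify(h: float) -> str:
    # Heuristic thresholds (assumption): near-zero is padding/erased flash,
    # mid-range is structured data or text (headers, tables, strings),
    # high entropy is compressed or encrypted payload.
    if h < 1.0:
        return "padding"
    if h < 6.0:
        return "structured"
    return "compressed/encrypted"


def find_regions(image: bytes, block: int = BLOCK) -> List[Tuple[int, int, str]]:
    """Return (start, end, label) spans, merging adjacent windows with the same label."""
    regions: List[Tuple[int, int, str]] = []
    for off in range(0, len(image), block):
        end = min(off + block, len(image))
        label = classify(shannon_entropy(image[off:end]))
        if regions and regions[-1][2] == label:
            regions[-1] = (regions[-1][0], end, label)  # extend the current region
        else:
            regions.append((off, end, label))  # a label change marks a likely boundary
    return regions


# Constructed sample image: a 1024-byte text-like header, 4096 bytes of seeded
# pseudo-random "payload", then 2048 bytes of zero padding.
SAMPLE_IMAGE = b"HDR1" + b"kernel v1.2\x00" * 85 + random.Random(1).randbytes(4096) + b"\x00" * 2048

if __name__ == "__main__":
    for start, end, label in find_regions(SAMPLE_IMAGE):
        print(f"0x{start:06x}-0x{end:06x}  {label}")
```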
@troed @cR0w @jackryder No, you're looking for a fight.
What's that thing Socrates said? "I may be the smartest man alive because I know I don't know anything at all"
Be humble bro.
I think the problem is with the "criti-hypes"* who believe they know better than everybody else (those "mediocres" of the world).
*) from https://pluralistic.net/2026/03/12/normal-technology/#bubble-exceptionalism
@Mustardfacial @cR0w @jackryder
That's the general idea, yes.
@mttaggart just posted a link to a piece.
While it has nothing to do with cybersecurity it describes brilliantly the effect for writers
Holy crap this story knocked me over. It is everything I'm feeling about the machines right now. https://sightlessscribbles.com/the-colonization-of-confidence/
@cR0w permission to pop this up on LinkedIn?
:D
Yeah and we're gonna "retire" as they crash the markets and decide all the social security we've paid is theirs not ours
@cR0w Until recently I worked somewhere that was pressuring developers into using the AI tools it was paying for.
One feature of working for that company was its "security" - pretty well anything you tried to do ran into some roadblock or other because "security".
So I asked the AI: "How do I get round this 'security' feature?"
And instead of reporting me to security it actually gave me an answer. Which, in the nature of code generated by AI, didn't actually work, but it gave me a clue as to how to come up with something that did.
@cR0w 2026 Cybersecurity Priority List (according to LinkedIn)
AI
AI for Security
AI Security for AI
Agentic SOC
AI-SPM
CNAPP
CWPP
CSPM
CIEM
KSPM
DSPM
ASPM
.
.
.
Patch your shit
The fucking basics
@nerdpr0f @scottwilson @badsamurai @cR0w The pen test they want:
“First, I sent out a spear phishing campaign and got a receptionist to download a malicious Word doc that installed a heavily-obfuscated RAT, giving me persistent remote access. From there, I used a 0-day vulnerability I discovered in Windows to move through the network, before using my custom 5p33d_h4x tool to take down your firewall. This allowed me carte blanche access to your databases, exfiltrating industry secrets, customer data, employee data, and financial records. You need to invest in AI-enabled firewalls from snorkblort with their new dynamic rules engine. That would have stopped me dead in my tracks.”
The pen test they need:
“I scanned the IPs on your company network by connecting to the free guest Wi-Fi, found all of your devices’ hostnames, open ports, OS version, and how outdated they all are, then put it all in a spreadsheet. Good luck”