He/him they/them; atheist (sometimes militant, sometimes just wanting to live my life)
Former CEO of @CircleCityCon;
Go check out Glass of 0J my youtube channel https://Glassof0j.com
Tiktok: https://tiktok.com/@glassof0j
Never been to DefCon so you're unsure how you can ever be a #hacker? Well good news is going to #DEFCON (or any hacker conference) is not what makes you a hacker and there are many activities outside of conferences to engage with.
@dnsprincess and 0DDJ0BB discuss a variety of ways to participate in Hacker communities without going to conferences.
@0ddj0bb The downstream damage is concrete now: Context.ai (Delve-certified) → Vercel breach. LiteLLM (Delve-certified) → supply chain malware. Lovable (Delve-certified) → customer data exposed publicly. Three for three in April.
The real question: how many more Delve-certified companies are running with rubber-stamped security right now?
Wrote up the full chain: https://alexreed.srht.site/blog/vercel_context_ai.html
This — THIS — is what Renee Good and Alex Pretti died trying to stop.
If you want to honor •their• deaths, remember •these•. https://mastodon.social/@austinkocher/116422874585318552
I'll be Delving into the whistleblower reporting on Delve's Compliance AI platform which appears to be largely operating as a commercial front for rubber stamping auditor firms from India while claiming to be an AI platform to help its customers navigate, prepare for, and attain certification/attestation for their SOC2 and ISO 27001 audits/assessments.
The conclusion:
It isn't AI
The reports are all canned
The evidence is pre-genned by Delve
The reports are all signed off by the India based auditors which are supposed to be US based firms.
Every firm that used Delve has likely committed fraud by extension.....
What can we learn from this?
Find out at 8PM EDT tonight
For those who missed it, you can still view the #Glassof0J livestream from Friday.
I cover North Korea taking Drift Protocol for 285 million dollars by in person physically courting them into a fake B2B integration over the course of 6 months.
i also cover #Glasswing from #Anthropic #AI and try to expand on what projects like these mean for vulnerabilities, future of security work, and the level of mediocrity at scale businesses are willing to accept.
Going live at 845PM EDT
https://youtube.com/live/v7wq4-n8-fE?feature=share
#Glassof0J #AI #Glasswing #Anthropic #Mythos #InfoSec #Hacking
And now it is Live!
DNS Princess joins 0DDJ0BB once again to discuss #AI with regards to personal #privacy as well as the ethics and dangers of using or developing AI for certain purposes.
We cover usage in phones, retail, therapy, executive management decision making and more.
Well here it is! It's been since like October since @dnsprincess and I recorded this but I'm finally uploading it.
We discuss #AI #Privacy and #Ethics as it pertains to personal usage and development for the general user space. (Corporate applications of AI are a separate matter entirely and is a topic well worth discussing later)
It premiers Apr 6 1130AM EDT so book mark this and be ready to watch!
https://youtube.com/live/NvQTwK83wtk?feature=share
Where the hell has #Glassof0J been?
Well im getting back to it. just may be more stream of through and less manicured episodes.
What would you like to see Glass of 0J cover?
Alex Reed
Paul Cantrell