security researcher
founder @barghest
{ disrupting APT, authoritarian gov, surveillance, privacy violations & corporate injustice }
i mostly dump my thoughts here
| Website | https://0x0v1.com |
| BARGHEST | https://Barghest.asia |
- 283 Followers
- 143 Following
- 616 Posts
Alexandre DulaunoyOpen source is benefiting from the current AI trend: some projects are already improving their security posture and reducing their attack surface.
Proprietary software, for now, seems more out of the loop.
But once LLMs become better at analysing binaries, compiled code, and obfuscation, I wonder how vendors will handle the likely increase in vulnerability disclosures.
Alexis Brignoni 
Thinking that searching, finding, and extracting of digital evidence is a job that can be given to a non-technical user plus AI is quite the risky experiment.
Admitting AI generated derivative evidence without human expert analysis is something I hope to never see. Would we admit DNA evidence based solely on the say so of an LLM? Would we accept a ballistic report without the expert analysis of a human? Would we be OK with presenting a case with an AI lawyer or an AI prosecutor at the table?
RE: https://mastodon.social/@campuscodi/116590594311803439
the mass of people finding single bug primitives in isolation and submitting, will single handedly ruin the bug bounty industry.
AI has made finding individual primitives much easier but turning them into an exploit or weaponization is a completely different ball game which AI can't handle right now without a experienced human-in-the-loop.
the whole concept of 'we accept submissions without a PoC' will disappear this year and low-medium severity will no longer payout (already seen in Google VRP).
Managed to snag this Sanyo autoclave for my workshop for almost nothing which the owner thought wasn't working. After a short simple LCD display repair it's working fine. The quality control culture of Japanese equipment and machinery has always amazed me.
has anybody played Frostpunk 2? is it worth it? my colleague tells me it's much more about resource management then a city build
Alex / catileptici've been seeing dystopia where i used to see community
it's hard to un-see that social media interaction is a broadcast lacking in personal responsibility. one can be "responsible" for a broadcast by being called out in another broadcast
i can't un-see, now, how essentially different this is from the responsibility that plays out between people who are tied to each other, close to each other, who depend on each other. this is also a broadcast. damned if you do, damned if you don't
security research in the expanding AI super race frontier means we are increasingly defending systems whose control plane is topology, not just code or cryptography. you can even see that with the issues signal has been having.
p2p bitcoin attack resistance taught us this early: sybil and eclipse attacks don’t “break” systems, they need to reshape what is reachable. they don’t require system failure only node isolation. these types of attacks will be something AI security, i predict, will find hard to identify. they require context that many higher-level systems still struggle to model
these attacks don’t need to win consensus, only control separation. in dht-based systems this is already structurally hard to solve at scale, and the literature has been pointing at that constraint for years.
as we move into more p2p technologies in the internet freedom space, and even more so ai-native distributed systems like agent swarms, retrieval graphs, federated inference, model marketplaces etc. i think the same failure mode is likely to reappear. though in internet freedoms the stakes are beyond web3 or crypto bros.
for civil society this matters because censorship pressure i predict will largely start quickly shifting from “blocking content” to “controlling topology.”
if you need a cool project idea just pick something that already exists and rewrite it in rust
RE: https://mastodon.social/@eff/116562954102841241
right now peer-to-peer messaging apps that don't rely on the internet are seemly brittle and riddles with topology based issues. we need to focus on security of them more. promoting gossip based protocols are inherently risky, imo.
we proved at p2p conferences that gossip based protocol designs are risky. Amegio is one design that fixes this. we have research coming out in the next month demonstrating trivially shutting down Bluetooth meshes.
Delta Chat being one of the only examples of true success in an internet shutdown depends upon the internet for success and in Iran was highly successful due to wifi router meshes + starlink.