Adam Shostack  


Author, game designer, technologist, teacher.

Helped to create the CVE and many other things. Fixed autorun for XP. On Blackhat Review board.

Books include Threats: What Every Engineer Should Learn from Star Wars (2023), Threat Modeling: Designing for Security, and The New School of Information Security.

Following back if you have content.

Website: https://shostack.org
Latest book: https://threatsbook.com
Opsec status: Currently clean
Youtube: https://youtube.com/shostack

Important point here from Risky Business on why NIST ending its work of generating CVSS scores for CVEs "opens the door for a lot of infosec drama." risky.biz/risky-bullet...

DEF CON in the news:

Jake Braun from the #defconfranklin project has a piece in the Washington Post this week. You can read more about the project at defconfranklin.com.

https://www.washingtonpost.com/opinions/2026/04/10/iran-water-hacks/

#defcon #infrastructure

Iran is trying to turn off America’s water

Many water facilities lack basic cybersecurity measures, making them vulnerable to adversaries.

The Washington Post

First day on the Bluesky infrastructure team! I hooked up OpenClaw, and it has some amazing ideas about scaling and optimization!

Another reason to hate #Apple. We're seeing more 2018+ MacBook Pro/Air donations — but Apple's T2 chip means even after iCloud sign-out and reset, the firmware stays locked to the original account.

Without donor contact, these machines are useless. :(

I've upcycled ~1,000 older Macs, but T2 era machines will end that. It's controlling, creates e-waste, and will only get worse. #righttorepair matters — Apple couldn't care less.

UK gov’s review of Mythos shows it completing challenge of approx 20hrs human expert time & 32 steps 3/10 times using 100M tokens. https://www.aisi.gov.uk/blog/our-evaluation-of-claude-mythos-previews-cyber-capabilities

Opus 4.6 did 28/32 steps max & 100M tokens is approx $900. More for Mythos when/if released.

Our evaluation of Claude Mythos Preview’s cyber capabilities | AISI Work

We conducted cyber evaluations of Anthropic’s Claude Mythos Preview and found continued improvement in capture-the-flag (CTF) challenges and significant improvement on multi-step cyber-attack simulations.

AI Security Institute

@adamshostack RTGs are becoming more and more rare and I believe NASA hoards every gram of Pu238 they can synthesize or reprocess for Dragonfly...

Also, Rosalind Franklin was already integrated and tested with solar panels long time ago.

Russians were offered to be famous for delivering it to Mars, they chose instead to be famous for invading neighbors...

@pomarede

NASA Begins Implementation for ESA’s Rosalind Franklin Mission to Mars

Scheduled to launch in 2028, Rosalind Franklin will be the first Mars rover to search for signs of past or present life under the Red Planet’s surface.

https://science.nasa.gov/blogs/mars-rosa/2026/04/16/nasa-begins-implementation-for-esas-rosalind-franklin-mission-to-mars/

#Mars #ExoMars #RosalindFranklinRover #space #science #news #NASA #ESA #exobiology

NASA has given approval for the agency’s Rosalind Franklin Support and Augmentation (ROSA) project to begin implementation, underscoring the agency’s

NASA Science

Unsolicited advice to “just block and move on”, no matter how well intentioned, is not helpful or actionable for someone who’s the target of organized or persistent harassment. It’s ultimately just a dismissal, “shut up about your problems” couched in slightly more polite language.

@mattblaze There is a big divide on social media between the people who have a folder full of screenshots labeled "Death Threats (personal)" and people who do not.

We Need to Talk About the IPv8 Draft

The Good, The Bad, and the Heinous

wolfy