Nathan Hamiel 

@[email protected]
383 Followers
140 Following
888 Posts

Senior Director of Research at Kudelski Security, leading the fundamental and applied research team. International public speaker and Black Hat Review Board Member (AI, ML, and Data Science track lead) I focus on emerging technologies and future threats. Throughout my 20+ year career, I’ve focused on issues of software security, product security, and emerging technologies. I’ve discovered vulnerabilities in major products, identified new attack vectors, and built security tools.

I spend time thinking about the impact of technology on humanity as well as the dangers from the overabundance of tech overoptimism. I write occasional thoughts publicly on Perilous Tech. Avid reader and writer. Lifetime creative, player of multiple instruments, and writer of songs. Passionate animal rescuer and enjoy the outdoors. Believer in unstructured time and mind wandering.

Sitehttps://perilous.tech
Nathan Hamiel Mar 10

Does someone need to take Zuck's phone away from him? No nanna, that's not a real Nigerian prince!😆

https://gizmodo.com/mark-zuckerberg-decides-meta-needs-more-slop-buys-the-social-network-for-ai-agents-2000731931

Mark Zuckerberg Decides Meta Needs More Slop, Buys the Social Network for AI Agents

Because Facbook and Instagram don't have enough bots, apparently.

Gizmodo
Nathan Hamiel Mar 10

Seneca said that the excellence of mind cannot be borrowed or bought. However, that’s exactly what’s being pitched with generative AI. Our modern environment is stripping the very defenses we need to stay robust. In the end, we don’t get wisdom or AGI from turning books into statistics. What we get is manipulation and unintended consequences.

https://perilous.tech/transforming-books-into-statistics-wont-bring-wisdom-or-agi/

Transforming Books Into Statistics Won’t Bring Wisdom or AGI - Perilous Tech

Here’s a secret: turning books into statistics won’t bring AGI, cures for cancer, utopia, or any number of useful inventions that we are told are merely 12 to

Perilous Tech
Nathan Hamiel Mar 5

The next few years will require vigilance and the ability to envision trade-offs even when no evidence of trade-offs is apparent. These are essential skills in a world that prioritizes dehumanization. This starts with not confusing innovation with progress.

https://perilous.tech/confusing-innovation-with-progress/

Confusing Innovation With Progress - Perilous Tech

One mistake we continue to make, time and time again, is confusing innovation with progress. It’s true that in many cases, innovation is progress. We see the

Perilous Tech
Nathan Hamiel Mar 4
We need to get much better at envisioning tradeoffs. A symbiosis with AI would mean that we would never know if a thought or memory we have is truly our own. It’s the end of private thoughts and the beginning of a whole new world of manipulation and unintended consequences.
Nathan Hamiel Mar 2
Pretending we’ve achieved AGI and ignoring all of the issues is not an effective control when slapping generative AI into high-risk, safety-critical use cases. While many point to reliability and human responsibility in military use, many aren’t addressing the security aspects. Generative AI is one of the most manipulable technologies ever invented, and shoving it into systems creates an increased attack surface and unintended consequences. If you wouldn’t trust it to manage your finances, then why would you trust it for autonomous weapons? The future of warfare is gonna be lit, in some cases literally.
Nathan Hamiel Mar 2
I first met FX in the early 2000s. We had so many laughs, so many memories. Hell, during just one notorious hacker trip in 2009, there were enough memories to last a lifetime. He will be missed.
Nathan Hamiel Feb 23

The Black Hat USA call for papers is open. This will be our 6th year of having a dedicated AI track. If you have some interesting AI research, be it attacking, defending, or applying AI, we’d love to see it. Please let me know if you have any questions. https://blackhat.com/call-for-papers.html

Also, I’ve previously written up some observations and guidance to think about when submitting to the AI track at Black Hat. https://perilous.tech/black-hat-ai-track-submissions-observations-and-feedback/

Nathan Hamiel Feb 20
The biggest hot take of the past few weeks is that software is dead. But is it really? Seems there are some fundamental realities not being considered, and the people making these claims are in a bit of a bubble. Regardless of success or failure, software vulnerabilities will be absolutely everywhere. Welcome to the reality of the next few years. I’ve collected some thoughts here: https://perilous.tech/the-death-of-software-is-greatly-exaggerated/
Nathan Hamiel Feb 18
This Clinejection write-up is great, and I learned some things about GitHub actions caching, too. We experienced the same during our research for our Black Hat USA 2025 talk on attacking AI-powered developer productivity tools and their integration with GitHub and GitLab. Right down to the fact that the vendor never fixed the issue until it was exploited. Once again, prompt injection is merely a vehicle. If you don’t understand the environment, then you’ll miss the true impact of the vulnerability. https://adnanthekhan.com/posts/clinejection/
Clinejection — Compromising Cline's Production Releases just by Prompting an Issue Triager | Adnan Khan - Security Research

Clinejection — Compromising Cline's Production Releases just by Prompting an Issue Triager - Security research by adnanthekhan

Adnan Khan - Security Research
Nathan Hamiel Feb 17
If there was a killer use case for this "powerful agentic experience," surely they'd be touting it. But instead we are sold the ability to do things we can already do, just with less security and privacy.