HackerTrans
TopNewTrendsCommentsPastAskShowJobs

jfkimmes

no profile record

comments

jfkimmes
·3 เดือนที่ผ่านมา·discuss
Codex is open source and allows any model to be configured.
jfkimmes
·3 เดือนที่ผ่านมา·discuss
They hint at their AI-augmented reversing methodology, which demonstrates one of the core strengths of current LLM agents. These models, trained extensively on code, can immensely speed up the process of understanding complex system internals.

Security research historically has two difficult components that build on one another: 1. Understanding complex system internals: uncovering the inner workings hidden by abstractions or interfaces 2. Finding vulnerabilities in these uncovered mechanisms

Sometimes both steps are equally hard. But often, finding the vulnerability is trivial once the real mechanisms are uncovered, rather than relying on assumptions about inner workings.

CVE-2026-3854 is a case where the vulnerability is not plainly obvious after understanding the internals. Still, I am confident that this command injection would have been found quickly had it been exposed to a more traditional or accessible attack surface.
jfkimmes
·3 เดือนที่ผ่านมา·discuss
Do you have a source for that?

Neither the release post, nor the model card seems to indicate anything like this?
jfkimmes
·3 เดือนที่ผ่านมา·discuss
Everyone talked about the marketing stunt that was Anthropic's gated Mythos model with an 83% result on CyberGym. OpenAI just dropped GPT 5.5, which scores 82% and is open for anybody to use.

I recommend anybody in offensive/defensive cybersecurity to experiment with this. This is the real data point we needed - without the hype!

Never thought I'd say this but OpenAI is the 'open' option again.
jfkimmes
·4 เดือนที่ผ่านมา·discuss
Not the same league as McKinsey, but I like to point to this presentation to show the effects of a (vibe coded) prompt injection vulnerability:

https://media.ccc.de/v/39c3-skynet-starter-kit-from-embodied...

> [...] we also exploit the embodied AI agent in the robots, performing prompt injection and achieve root-level remote code execution.
jfkimmes
·4 เดือนที่ผ่านมา·discuss
Here's a little more context about the author's motivation: https://mathstodon.xyz/@csk/116162797629337132
jfkimmes
·4 เดือนที่ผ่านมา·discuss
Funny, I was just configuring ghostty. I finally made the jump in order to get rid of tmux as a layer of indirection.

Here's what I landed on: This config tries to emulate as much of tmux with native ghostty features (splits and tabs).

https://codeberg.org/jfkimmes/dotfiles/src/branch/master/gho...
jfkimmes
·ปีที่แล้ว·discuss
This is a Google Play Services update. For GrapheneOS users without GApps wondering: A similar feature is already built-in: https://grapheneos.org/features#auto-reboot
jfkimmes
·ปีที่แล้ว·discuss
And here I was, thinking I was clever for coming up with the agent smith image for an agent framework.

https://codeberg.org/jfkimmes/TinyAgentSmith