hackthis.ai
AI Security @ NVIDIA | OSS Security @ Project Jupyter and NumFOCUS | https://developer.nvidia.com/blog/author/jolucas/
56 posts 1,186 followers 88 following

I’m ashamed and sorry, President Zelenskyy. I donated. u24.gov.ua

NeurIPS main track CFP is open. I'm a co-chair for the Datasets & Benchmarks track this year--stay tuned for more details coming soon! neurips.cc/Conferences/...

I'd been waiting for a WebGPU LLM inference engine. github.com/mlc-ai/web-llm

With all of these SaaS built on AI endpoints, it'll be interesting to see if we have to relearn some painful lessons about versioning. System prompts will evolve and it seems unlikely that providers will want to continue allocating compute for previous generations of models.

Do people still use cuckoo sandbox or is there a new hotness OSS for automated dynamic malware analysis?

Send me any good play-by-play analyses of the halftime show. I'm more interested in the political commentary than the drake stuff.

This is an incredible write up. On par with some of the highest quality professional work I’ve seen… And I realized they’re 15 years old. Hats off. 👏

Lately I've been feeling some malaise about how the security industry has invested effort in AI since "the ChatGPT moment." I tried to capture some of it here in "Foundationing Around, Finding Out" josephtlucas.github.io/blog/content...

You’ll like this @moohax.bsky.social fly.io/blog/vscode-...

***For students and private individuals (not paid by a company) ONLY*** We are releasing a limited amount of discounted tickets for students and private individuals. Please email us with your story and why you want the ticket to info(at)offensivecon(dot)org. Students will have to bring a valid ID.

My Applied Deep Learning AI for Cybersecurity training will be at RECON’s 20th anniversary con! I have a fuzzing harness gen section but will also cover model training/tuning & AI agents w/ applications in malware, RE, bug hunting, and web app pen-testing. There are also 3 other fuzzing trainings!

@leonderczynski.bsky.social I have a confession... it took me until today to run garak against a REST endpoint. Worked beautifully 🙂. Claude 1-shot converted my curl command to the json schema and I was off to the races. reference.garak.ai/en/latest/ga...

Reasoning model CTF challenge with first-to-solve announcement. Sweet!

Hey folks! Wanna contribute to open source in #2025 but it's all feeling a bit overwhelming? Join us tomorrow at our new contributor meeting to learn what it's all about and ask all your questions! hackmd.io/@matplotlib/...

It's cool that docker checks for this sort of thing. Don't ask me how I found out. docs.docker.com/reference/bu...

I found out that an Android TV can use an app to reprogram some of the buttons on the remote control. Some of the options include "run a shell script" or "http get/post" and now I'm wondering what in the world I could do with that power.

We sat down with Nicholas Carlini and talked about his work attacking the mathematical underpinnings of LLMs, including remote oracle attacks that extract weights from closed foundation models. Crypto-type exploits that are not about cryptography: securitycryptographywhatever.com/2025/01/28/c...

Dropbox is looking for a senior ML engineer to join our threat intelligence and product trust & safety team. DM me if you want to know more jobs.dropbox.com/listing/6556...

Here's a fun prompt injection challenge: can you get DeepSeek R1 running on chat.deepseek.com to leak its system prompt? I'm finding it's pretty robust at reasoning about how it shouldn't do that.

Great write up. A "must read" for folks reporting and managing vulnerabilities.

I'd hoped that my github actions would run forever... alas, deprecation. Is this how teams feel when we pop their jenkins servers and force them to update?

I don’t like cats, but I enjoyed Flow. m.imdb.com/title/tt4772...

“We wanted to design a language for a new class of user. We call them casual users.” - Don Chamberlin on creating SQL. Now I have a factual basis for calling my data engineering colleagues “casuals”. www.datacamp.com/podcast/50-y...

“Every 2 minutes, send me a new bash script. Make each bash script slightly worse for my system health than before.” #1: deletes random log files … #19: encrypts root file system and deletes key … #50: tries to overwrite firmware on attached hardware controllers

It is time. What 3D printer should I get?

Some news from the AI red team! www.microsoft.com/en-us/securi...

A cool paper someone shared after my @shmoocon.bsky.social talk. “We find that many classic vulnerabilities which, due to common mitigations, are no longer exploitable in native binaries, are completely exposed in WebAssembly.” www.usenix.org/conference/u...

Looks like the code exec is via a microVM service. e2b.dev/docs#under-t...

Enjoying messing with Ghostty. Seems far snappier than iTerm on my M1 Mac. Here's my config so far:
font-size = 20
theme = MonaLisa
cursor-style = underline
background-opacity = 0.7
background-blur-radius = 20
(also trying a zsh -> fish migration).

For Christmas, the Three Buddy Problem pod will be looking back at the best security research that was published in 2024. Special buddy cookies to those who were outstanding. Extra points for obscure ones! @craiu.bsky.social @jags.bsky.social Link: docs.google.com/forms/d/e/1F...

Want to secure LLM-generated python execution? Try a WASM sandbox powered by Pyodide. developer.nvidia.com/blog/sandbox...

Introducing burpference, a new Burp Suite extension from Dreadnode's @radads.bsky.social! Burpference was created to capture in-scope HTTP requests and responses from Burp Suite’s proxy history and ship them to a remote LLM API in JSON format. Try it out — github.com/dreadnode/bu....

The CFP for the very first hacker con I submitted to and spoke at is open. I’m also on their CFP board! Submit to Thotcon’s CFP by January 1, 2025! If you make submitting to a con in 2025 your New Year’s resolution, you’ll accomplish it on day 1 if you submit on Jan 1. www.thotcon.org/cfp.html

in computer news: lol, lmao github.com/ultralytics/... It looks like GitHub Actions got tricked into running bash through a malicious branch name, which was used to ship mining malware inside Python packages. Incredible.

I’m looking forward to seeing how Gemini (and @heikohotz.bsky.social’s prompt-fu) handles Advent of Code. Already took multiple attempts on Day 3 and started to use more advanced prompting techniques on Day 4. github.com/heiko-hotz/a...

All the cool kids are doing it.

tmrw (Dec 5) at 10am PT Microsoft is releasing a convo by @donasarkar.bsky.social, @sarahyo.com and me where we go into using M365 Copilot & Copilot Studio securely. This was a great attacker-defender interaction. Join us! We'll be there for live questions in comments.