Author | Lightnews

ToxSec

ToxSec

@toxsec.bsky.social

120 followers 370 following 570 posts

AI Security Engineer @ Amazon. M.S. Cybersecurity, CISSP. Ex-NSA, USMC.

Posts Media Videos Starter Packs

ToxSec @toxsec.bsky.social · 7h

Excessive Agency is an OWASP Top 10 Threat. Make sure you watch what permissions you are giving your Agents.
Remember to apply principles of least privilege and audit their actions closely.
#ai #cybersecurity #technology

Ai agents have too much permissions

ToxSec @toxsec.bsky.social · 8h

:0

ToxSec @toxsec.bsky.social · 8h

Aaah the docker ones are always super interesting to me idk why.

ToxSec @toxsec.bsky.social · 8h

Fully believe it will eventually reduce the cost of entry to most tech. Very cool.

ToxSec @toxsec.bsky.social · 8h

Yes

ToxSec @toxsec.bsky.social · 8h

Nice!!

ToxSec @toxsec.bsky.social · 8h

Wow!!

ToxSec @toxsec.bsky.social · 8h

I don’t doubt it. And it’s going to get worse as the tech improves.

ToxSec @toxsec.bsky.social · 8h

Yeah this has been a pervasive one for a while now.

ToxSec @toxsec.bsky.social · 8h

Pretty sick hack honestly. Creative to say the least

ToxSec @toxsec.bsky.social · 8h

Yeah for sure. It’s going to be a key component here.

ToxSec @toxsec.bsky.social · 8h

Metas new $600 billion investment was nice timing for my new article lol.
#ai
open.substack.com/pub/toxsec/p...

The Real Money is in Selling the Shovels.

Why Nvidia, AWS, and infrastructure companies will capture 80% of AI’s wealth while chatbot startups burn through billions.

open.substack.com

ToxSec @toxsec.bsky.social · 9h

sometimes the only vulnerable thing is my patience. #bugbounty

ToxSec @toxsec.bsky.social · 2d

APIs are the real front door now. Devs still leave it unlocked.
Bug bounty gold lives in hidden endpoints, mis-mapped verbs, and backend trust flaws. My full recon & exploitation guide: www.toxsec.com/p/api-securi...

#APISecurity

Bug Bounty API Security Testing

ToxSec | A Guide to API Testing

ToxSec @toxsec.bsky.social · 2d

A book called “If Anyone Builds It, Everyone Dies” hit the bestseller list.

The author thinks AI will kill us all. Maybe he’s wrong about that. But his argument about why we can’t stop building it anyway? That part’s harder to dismiss.

#ai

www.toxsec.com/p/ai-doomsda...

The AI Doomsday Book That Got One Thing Devastatingly Right

Yudkowsky’s “If Anyone Builds It, Everyone Dies” is wrong about fast takeoff but right about the coordination nightmare

ToxSec @toxsec.bsky.social · 2d

Traditional cybersecurity attack are still here for LLMs. I’ve seen several new logic attacks that are pretty effective especially when connected to a RAG.

Think Forkbomb for your chatbot. Reeaaaaallly pricy if you don’t have failsafes and ways to detect it.

ToxSec @toxsec.bsky.social · 2d

ran into a WAF today that blocked me for typing “test.” impressive. #bugbounty

ToxSec @toxsec.bsky.social · 3d

Reading “Chip Wars” and got me thinking, with all the data centers spinning up, I hope we got the best of the best on call haha.

ToxSec @toxsec.bsky.social · 3d

It totally can. I know there is buzz there right now but legit solutions are emerging.

ToxSec @toxsec.bsky.social · 3d

The merger of ai and philosophy is amazing :)

ToxSec @toxsec.bsky.social · 3d

Just saw this earlier. Pretty cool and the correct move imo.

ToxSec @toxsec.bsky.social · 3d

Let’s see all the ai gadgets!!

ToxSec @toxsec.bsky.social · 3d

I literally can’t wait for these new ai powered devices hahah

ToxSec @toxsec.bsky.social · 4d

open.substack.com/pub/secretso...

An Big Tech AI Security Engineer’s Guide to LLM Privacy (Guest Post)

Understand what AI companies log, what 'training' really means, and how to minimize your digital footprint.

open.substack.com

ToxSec @toxsec.bsky.social · 5d

The #1 biggest threat to your ai product.