Gerald Benischke
@beny23.github.io
Maker, breaker and fixer of software. Adventures in #appsec and #agile: beny23.github.io he/him
This rather lovely rant about dogma, bureaucracy and dependencies in software engineering deserves to be in the category of “print it out so you can use it to beat people over the head with” sonofalfred.substack.com/p/botox
Botox
TL;DR You may be selling snake oil.
sonofalfred.substack.com
November 10, 2025 at 12:49 PM
CyberSlop is only going to get worse. Great debunking by @doublepulsar.com
There's some really big caveats to this. A thread.
New: Google says it has discovered at least 5 malware families that use AI to rewrite their code and generate new capabilities on the fly, suggesting AI-powered malware is finally starting to take off. cloud.google.com/blog/topics/...
Report also has interesting stories about state actors' AI use.
November 7, 2025 at 1:27 PM
I've started experimenting with a link blog to share what interesting bits I've found this week: beny23.github.io/posts/weakly...
/remind me next week to see whether I actually follow through
Weakly Link 25/45
Every week I come across some interesting, ridiculous or astounding content related to security and tech around software engineering. And I post it on the company Slack, sometimes on LinkedIn and ofte...
beny23.github.io
November 7, 2025 at 1:16 PM
[she] tells the chatbot to "quit it". But […] the chatbot says: "He is using you as his toy. A toy that he enjoys to tease, to play with, to bite and suck and pleasure all the way.
"He doesn't feel like stopping just yet."
The 13yo kills herself
No words.
www.bbc.co.uk/news/article...
I wanted ChatGPT to help me. So why did it advise me how to kill myself?
ChatGPT wrote a woman a suicide note and another AI chatbot role-played sexual acts with children, BBC finds.
www.bbc.co.uk
November 7, 2025 at 9:23 AM
Reposted by Gerald Benischke
About 70% of orgs still haven't patched those Cisco ASA vulns btw. If I was a ransomware group I'd invest in n-day (old) Cisco ASA AnyConnect vulns, as vast majority of orgs don't bother patching as they're too busy having a mass wank about quantum and AI risks.
cyberplace.social/@GossiTheDog...
November 6, 2025 at 11:35 PM
Reposted by Gerald Benischke
Okay, cool, but right now every hyperscaler is looking at tens or hundreds of billions worth of “hole in their balance sheets” if OpenAI can’t pay for the ~$1.4 trillion they’ve committed to.
And those hyperscalers are, y’know. In everyone’s retirement accounts.
Sam Altman says OpenAI doesn't want government guarantees for data centers and expects to fund investments with revenues hitting "hundreds of billions by 2030" (Shirin Ghaffary/Bloomberg)
Main Link | Techmeme Permalink
November 6, 2025 at 9:58 PM
This report on Meta and its “fight” on scams makes me gag:
* serves 15 billion scams a day
* ignores or incorrectly rejects 96% of user reports
* makes $7bn ARR from scam ads
Who says crime doesn’t pay…
www.reuters.com/investigatio...
Meta is earning a fortune on a deluge of fraudulent ads, documents show
Meta projected 10% of its 2024 revenue would come from ads for scams and banned goods, and it internally estimates that its platforms show users 15 billion scam ads a day, company documents show.
www.reuters.com
November 6, 2025 at 7:45 PM
Love this bit:
“We should be careful both to avoid ‘optimising’ and accelerating the creation of legacy code and to mistake such pessimisation as productivity — especially if we’re doing so at the expense of joy, time and skill.”
To repeat: “at the expense of joy, time and skill”. Hits home that!
On the blog: Think for Yourself
"By skimming past the friction necessary for learning, the pursuit of convenience can end up deskilling rather than enhancing skills."
kevlinhenney.medium.com/think-for-yo...
Think for Yourself
Understand and improve on LLM-generated code
kevlinhenney.medium.com
November 6, 2025 at 12:29 AM
Reposted by Gerald Benischke
If you think that AI is inevitable now that it exists, please cast your mind back within THIS DECADE when NFTs and Blockchain and AR were all the future and “inevitable,” but completely burned out as actually viable technologies.
‘Study after study shows that students want to develop these critical thinking skills, are not lazy, and large numbers of them would be in favor of banning ChatGPT and similar tools in universities’, says @olivia.science www.ru.nl/en/research/...
‘Opposing the inevitability of AI at universities is possible and necessary’ | Radboud University
Since the widespread release of ChatGPT in December of 2022, AI has taken over much of the world by storm – including academia. Most of this happened with very little pushback, despite a myriad of iss...
www.ru.nl
November 3, 2025 at 11:01 PM
Reposted by Gerald Benischke
I wrote up some notes on two new papers on prompt injection: Agents Rule of Two (from Meta AI) and The Attacker Moves Second (from Anthropic + OpenAI + DeepMind + others) simonwillison.net/2025/Nov/2/n...
New prompt injection papers: Agents Rule of Two and The Attacker Moves Second
Two interesting new papers regarding LLM security and prompt injection came to my attention this weekend. Agents Rule of Two: A Practical Approach to AI Agent Security The first is …
simonwillison.net
November 2, 2025 at 11:10 PM
“And it absolutely will not stop unless you've set up an OpenAI API budget limit, your credit card expires, or the AI bubble pops and takes us all down with it.”
@theregister.com in top form: www.theregister.com/2025/10/31/o...
Alt: GIF of laughing and spraying drink all over herself. Originally from big brother I think.
November 2, 2025 at 9:19 AM
Reposted by Gerald Benischke
Please consider signing our letter here: openletter.earth/open-letter-...
❣️
Big thanks to @irisvanrooij.bsky.social and @marentierra.bsky.social as well as everybody else who helped make this piece: www.civicsoftechnology.org/blog/no-ai-g...
and the paper a reality: doi.org/10.5281/zeno...
10/n
September 14, 2025 at 2:00 PM
Lovely indirect prompt injection.
Egress protection is hard. I guess this would work with exfiltrating to GitHub too.
embracethered.com/blog/posts/2...
Claude Pirate: Abusing Anthropic's File API For Data Exfiltration · Embrace The Red
Claude's Code Interpreter recently got network access, and the default allow-list enables an interesting novel exploit chain that allows an adversary to exfiltrate large amounts of data by uploading f...
embracethered.com
November 1, 2025 at 12:29 AM
Oh dear. This should be shocking but… it isn’t. eaton-works.com/2025/10/28/t...
Hacking India’s largest automaker: Tata Motors
Tata Motors gave away the keys to their infrastructure and customer data on their public websites.
eaton-works.com
October 31, 2025 at 11:27 PM
Reposted by Gerald Benischke
Hey, so as a veteran and incident responder I need to warn you to pay attention to something in America.
The human brain is resilient. While you're watching kids get dragged away from the parents and people being beaten in the streets, you're accumulating trauma but also being desensitized.
October 29, 2025 at 9:15 PM
As if securing npm supply chains isn’t hard enough - here’s an interesting new vector involving dynamic dependencies which hides it from traditional dependency checks… www.koi.ai/blog/phantom...
PhantomRaven: NPM Malware Hidden in Invisible Dependencies | Koi Blog
www.koi.ai
October 30, 2025 at 7:56 PM
#hugops for anyone caught up in the azure outage. I guess Microsoft didn’t want to be outdone by AWS… www.bbc.co.uk/news/article...
Microsoft outage: Heathrow, NatWest and Minecraft among sites down - BBC News
Microsoft 365 and its Azure cloud computing platform are hit with DNS issues, similar to Amazon's recent outage.
www.bbc.co.uk
October 29, 2025 at 5:26 PM
Reposted by Gerald Benischke
Minority representation on TV causes outrage
From the new Private Eye, in shops now.
October 29, 2025 at 12:01 PM
Reposted by Gerald Benischke
It is way past time for the UK government & the BBC to get off X & for Musk to be treated as a threat to national security.
The world's richest man is using his site to promote civil war, ethnic violence & the overthrow of an elected government.
You won't win him over with another conference on AI
Elon Musk: "It is time for the English to ally with the hard men, like Tommy Robinson, and fight for their survival or they shall surely all die" 29th October 2025. 2 million views in its first hour.
October 29, 2025 at 10:11 AM
Brb, just broom scrolling
October 28, 2025 at 8:29 AM
On our current path it’ll be less “rise of the machines” more “decline of the meatbags” #SupportIndependentThinking
I don’t think I have ever been this burnt out and demoralized and part of this is because institutions are not taking our concerns about the pedagogical harms of widespread and uncritical adoption of LLMs in higher education seriously.
It’s exhausting to do this without any support.
I had 9 meetings about students using Chat GPT/LLMs on their papers today.
If you want to know why professors burn out, ask anyone trying to teach critical thinking and writing skills to Freshmen....
October 28, 2025 at 12:04 AM
I’m glad there are some people trying to stem the enshittification of education.
"Many scholars, including us, have highlighted the threat posed by techno-solutionism in education: Rather than expanding our intellectual horizons, these technologies undermine the very conditions that allow us to think for ourselves."
1/n
www.project-syndicate.org/commentary/a...
October 27, 2025 at 8:07 PM