Gabriel
@morecoffeeplz.bsky.social
AI Research scientist. Former OpenAI, Apple infosec. “Professor” at John’s Hopkins SAIS Alperovitch Institute. Great deceiver of hike length and difficulty.
Thanks! DM me if you are interested in the slides :)
October 21, 2025 at 7:13 PM
Thanks! DM me if you are interested in the slides :)
Which is to say that as the context window fills up it just acts as a mirror for how the individual wants to be treated. Yikes.
October 16, 2025 at 5:19 PM
Which is to say that as the context window fills up it just acts as a mirror for how the individual wants to be treated. Yikes.
@sentinelone.com social team I am also on bluesky 😂
October 1, 2025 at 6:32 PM
@sentinelone.com social team I am also on bluesky 😂
3. What additional constraints do LLMs produce for adversaries? Hunting with the contraints of our adversaries was our initial premise. We've been doing it for years, LLMs simply present a new dimension for us to explore. If you'd like to work with us on this please let us know!
September 22, 2025 at 9:52 PM
3. What additional constraints do LLMs produce for adversaries? Hunting with the contraints of our adversaries was our initial premise. We've been doing it for years, LLMs simply present a new dimension for us to explore. If you'd like to work with us on this please let us know!
Malware that can run simple instructions, identify the target device, important files, and provide summaries back to a C2 would eliminate or streamline a significant amount of adversary workload.
September 22, 2025 at 9:52 PM
Malware that can run simple instructions, identify the target device, important files, and provide summaries back to a C2 would eliminate or streamline a significant amount of adversary workload.
2. LLM-enabled malware is interesting and (we believe) important to study, but it is unclear exactly what the operational advances are. Assuming we get to the point of LLMs running natively on endpoints malware that could hijack that process may be extremely useful.
September 22, 2025 at 9:52 PM
2. LLM-enabled malware is interesting and (we believe) important to study, but it is unclear exactly what the operational advances are. Assuming we get to the point of LLMs running natively on endpoints malware that could hijack that process may be extremely useful.
Ok some questions that this research posed for us:
1. Hunting for prompts and API keys works, but it is a brittle detection. Eventually adversaries will move to proxy services that provide some level of obfuscation. What do we do then?
1. Hunting for prompts and API keys works, but it is a brittle detection. Eventually adversaries will move to proxy services that provide some level of obfuscation. What do we do then?
September 22, 2025 at 9:52 PM
Ok some questions that this research posed for us:
1. Hunting for prompts and API keys works, but it is a brittle detection. Eventually adversaries will move to proxy services that provide some level of obfuscation. What do we do then?
1. Hunting for prompts and API keys works, but it is a brittle detection. Eventually adversaries will move to proxy services that provide some level of obfuscation. What do we do then?
If we want to understand LLM risks, we should align expectations with risks we can observe and measure, not hype.
September 22, 2025 at 9:52 PM
If we want to understand LLM risks, we should align expectations with risks we can observe and measure, not hype.