Sam Stepanyan
@securestep9.bsky.social
OWASP London Chapter Leader. #OWASP Global Board Member. OWASP Nettacker Project Leader. #AppSec Consultant, #CISSP. Follow me on Twitter/X and Mastodon https://twitter.com/securestep9 https://infosec.exchange/@securestep9
#AI: HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage: unique indirect prompt injections, exfiltration of personal user information, persistence, evasion, and bypass of safety mechanisms:
#AISecurity

www.tenable.com/blog...
November 9, 2025 at 10:21 PM
If you are attending the #OWASP #LASCON (@LASCONATX) 2025 Conference in Austin, Texas, don't miss my talk on the OWASP #Nettacker Project at 1pm CDT in the Red Oak Ballroom:

lascon.org/schedule/
October 23, 2025 at 4:04 PM
#OWASP LASCON Conference is starting with Jeff Williams's keynote about the flawed mindset holding security back:
#LASCON
October 23, 2025 at 2:20 PM
I am running for re-election to the OWASP Global Board of Directors in 2025.

🗳️OWASP Global Board Elections have started and all OWASP Members should have received an email with the e-ballot yesterday.

owasp.org/www-board-ca...

Thank you for your support!
October 17, 2025 at 8:54 PM
#Azure: a token validation vulnerability allowing an attacker to obtain Global Admin in any Entra ID tenant (CVE-2025-55241), found by @dirkjanm.io

#CloudSecurity
👇
dirkjanm.io/obtaining-gl...
September 17, 2025 at 10:41 PM
I donated blood today! #OWASP is running a blood donation drive in honour of Sherif Mansour - @owasplondon.bsky.social Chapter Leader and OWASP Board Chairman 2021 who was recently diagnosed with leukemia.
Please help him and everyone who needs blood: donate!
👇
owasp.org/blog/2025/08...
August 24, 2025 at 11:45 AM
#MCP Horror Story: Hackers leaked sensitive data from a private GitHub repo by planting a prompt injection in a public #GitHub issue abusing GitHub MCP Server:
#AISecurity
#PromptInjection
👇
www.docker.com/blog/...
August 18, 2025 at 8:05 PM
#AI: "Prompt injection, the lethal trifecta, and the challenges of securing systems that use MCP" - a great blog post from @simonwillison.net - A must-read for everyone in InfoSec desperately trying to explain the dangers of blind adoption of #MCP:
#AISecurity
👇
simonwillison.net/2025/Aug/9/b...
August 12, 2025 at 6:30 PM
#WhatsApp is finally rolling out a feature that warns you if someone not in your contacts adds you to a WhatsApp group. This feature directly targets a common tactic that is used to spread scam messages and vulnerabilities via WhatsApp:

about.fb.com/news/20...
August 11, 2025 at 1:12 PM
July 25, 2025 at 6:00 PM
Who needs developers? #GitHub has just announced that any open GitHub issue can now be assigned to an #AI Agent that will do all the work: 😮

* Fix bugs
* Implement new features
* Improve test coverage
* Update documentation
* Address technical debt
👇
docs.github.com/en/copilot/u...
June 19, 2025 at 5:12 PM
Many thanks to everyone who came to my talk on the OWASP Nettacker project at the #OWASP Global AppSec 2025 Conference in Barcelona!
Several attendees will be joining us to collaborate and contribute! 🚀
👉 github.com/OWASP/Net...
May 31, 2025 at 3:10 PM
If you are attending the OWASP Global AppSec 2025 conference in Barcelona and if you are an OWASP member you can grab a challenge coin 🪙 from the members lounge (room 111)!
You can also join OWASP as a member at the conference!
👇
May 29, 2025 at 12:22 PM
I am attending and speaking 🗣️ at the #OWASP Global @AppSecEU 2025 conference in sunny ☀️ Barcelona!!!
If you are attending - see you there!
Conference agenda can be found here:
👇
owasp2025globalappseceu.sched.com/list/simple
May 29, 2025 at 7:28 AM
#AI: "Creating Secure Covert Channels with LLMs over Public Channels" by @billatnapier - mind-blowing 🤯!
AI agents can pass information between them, and humans would not be able to detect that secret messages were being sent within valid-looking text!
👇
billatnapier.medium.com/creating-sec...
April 24, 2025 at 6:11 PM
Our meetup has started and we have John Wood and Aurelien Svevi on stage talking about protecting APIs and applications at run-time. Watch the live-stream 📺 here:
👇

www.youtube.com/live/uhFpUjd...
April 23, 2025 at 5:27 PM
#OWASP Application Security Verification Standard (#ASVS) v5.0 RC1 is now ready for review! The ASVS team needs your feedback!

Can developers and testers understand it? Anything missing? Please review!
👇
asvs.dev/v5.0.draft/...
April 3, 2025 at 11:20 AM
#AI: If you have an X account: I was reviewing my #privacy settings on Twitter/X and found out that this switch was ON by DEFAULT, allowing Grok AI to train on all tweets, replies, interactions, and Grok results. Turning it OFF:
👇
March 1, 2025 at 5:08 PM
#Google: Google did an Oopsie: a simple #IDOR #vulnerability allowed access to other users' private files by changing the Google Drive file docID parameter - bug worth $3,133.7 #bugbounty
#bugbountytips
👇
c2a.github.io/simple-idor-...
February 16, 2025 at 11:28 AM
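The post above describes the classic IDOR shape: the request is authenticated, but the object identifier (docID) is trusted without an object-level authorisation check. The block below is an added example written for this page, not code from the post, from the linked write-up or from Google; it uses a constructed in-memory file store with made-up doc IDs and users, and the function names are assumptions. It shows the vulnerable handler beside the hardened one, which scopes the lookup to what the caller owns or has been granted and answers "not yours" and "does not exist" identically so a guessed ID cannot be confirmed.

```python
# Added example: IDOR on a file-by-ID endpoint, vulnerable vs hardened.
# Not the real Google Drive API; the store, IDs and helper names are
# assumptions constructed for illustration.
from dataclasses import dataclass, field


@dataclass
class StoredFile:
    owner: str
    content: bytes
    shared_with: set[str] = field(default_factory=set)


# Constructed sample data: two users, each with one private file.
FILES: dict[str, StoredFile] = {
    "doc-1001": StoredFile(owner="alice", content=b"alice's notes"),
    "doc-1002": StoredFile(owner="bob", content=b"bob's notes"),
}


class NotFound(Exception):
    """Raised for both missing and unauthorised docs, so the response
    does not reveal whether a guessed docID exists at all."""


def get_file_vulnerable(requesting_user: str, doc_id: str) -> bytes:
    """Authenticated but not authorised: any logged-in user who edits the
    docID in the request gets whatever that ID points to. The caller's
    identity is never consulted."""
    try:
        return FILES[doc_id].content
    except KeyError:
        raise NotFound(doc_id) from None


def get_file_hardened(requesting_user: str, doc_id: str) -> bytes:
    """Object-level authorisation: the lookup is scoped to files the
    requesting user owns or has been explicitly granted. Missing and
    forbidden IDs raise the same error."""
    entry = FILES.get(doc_id)
    authorised = entry is not None and (
        entry.owner == requesting_user or requesting_user in entry.shared_with
    )
    if not authorised:
        raise NotFound(doc_id)
    return entry.content


def probe(handler, requesting_user: str, doc_id: str) -> str:
    """Drive a handler the way an IDOR test would (same session, swapped
    docID) and classify the outcome so the two handlers can be compared."""
    try:
        handler(requesting_user, doc_id)
    except NotFound:
        return "denied"
    entry = FILES[doc_id]
    if entry.owner == requesting_user:
        return "own-file"
    if requesting_user in entry.shared_with:
        return "shared"
    return "leaked"


if __name__ == "__main__":
    for name, handler in (("vulnerable", get_file_vulnerable),
                          ("hardened", get_file_hardened)):
        print(name,
              "own:", probe(handler, "alice", "doc-1001"),
              "other's:", probe(handler, "alice", "doc-1002"),
              "unknown:", probe(handler, "alice", "doc-9999"))
```

Running it shows the vulnerable handler returning Bob's file to Alice once she substitutes his docID, while the hardened one denies both Bob's file and a non-existent ID with the same response. The check belongs in the data access layer, not in the UI that hides the link, because the attacker never uses the UI.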
#Ivanti: ⚠️ Multiple Critical vulnerabilities in Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC).
Patched versions released:
👇
forums.ivanti.com/s/article/Fe...
February 11, 2025 at 7:57 PM
#AI hallucinations are making the world more dangerous as Apple Intelligence feature on the latest iPhones makes up a totally fake BBC News story falsely claiming Luigi Mangione shot himself and fabricated a NYTimes story claiming Netanyahu is arrested:
👇
www.bbc.co.uk/news/article...
December 15, 2024 at 5:35 PM
I finally got to see IBM Q System One - IBM's Quantum computer! 💻⚛️
quantum.ibm.com/services/res...
November 28, 2024 at 6:45 PM
BlueSky keeps crashing (or a DDoS attack?):
#internalservererror
November 19, 2024 at 10:06 PM
Enjoyed presenting my #API Security talk at Disruptive Tech London meetup!
November 15, 2024 at 10:21 PM