Interested in web security, bug bounties, machine learning and investing. SolidGoldMagikarp
harisec
I wrote an article about how it's possible to use Assistant Prefill to jailbreak LLMs (Large Language Models).
Here is an example of the latest model from Microsoft (Phi-4) writing a phishing email:
I wrote a blog post about how I use Claude Code (and other models) in my work: invicti.com/blog/securit...
I wrote a blog post about enumerating and testing tool usage in web applications that use LLMs:
www.invicti.com/blog/securit...
The article: www.invicti.com/blog/securit...
Great paper from Orange Tsai about unicode transformations: worst.fit/assets/EU-24...
I generated 20k vibe-coded web applications using various models via the OpenRouter API and analyzed them for security issues.
The apps are available for download if anyone wants to take a look.
www.invicti.com/blog/securit...
My favorite talk from #38c3: From Pegasus to Predator - The evolution of Commercial Spyware on iOS - media.ccc.de/v/38c3-from-...
OpenAI's o3 model just achieved unbelievable scores (75% and 87%) on ARC-AGI; the previous models scored at most 20%, and humans score around 85%. arcprize.org/blog/oai-o3-...
Here are the slides from my @tumpicon.org talk: Teaching LLMs how to XSS - An introduction to fine-tuning and reinforcement learning (using your own GPU)
docs.google.com/presentation...
Learn how attackers can exploit LLM tool usage and MCP servers, why this expands the attack surface, and how automated DAST scanning strengthens LLM security in web applications.
The Assistant Prefill feature available in many LLMs can open up models to jailbreaking, including the possibility of persistent prefills to bypass LLM safety alignments.