I wrote a blog post about how I use Claude Code (and other models) in my work: invicti.com/blog/securit...
I wrote an article about how it's possible to use Assistant Prefill to jailbreak LLMs (Large Language Models).
Here is an example of the latest model from Microsoft (Phi-4) writing a phishing email:
I wrote a blog post about enumerating and testing tool usage in web applications that use LLMs:
www.invicti.com/blog/securit...
I generated 20k vibe-coded web applications using various models via the OpenRouter API and analyzed them for security issues.
The apps are available for download if anyone wants to take a look.
www.invicti.com/blog/securit...
Learn how AI tools can support security researchers in investigating vulnerabilities and designing security checks to detect them.
Here are the slides from my @tumpicon.org talk: Teaching LLMs how to XSS - An introduction to fine-tuning and reinforcement learning (using your own GPU)
docs.google.com/presentation...
harisec
Learn how attackers can exploit LLM tool usage and MCP servers, why this expands the attack surface, and how automated DAST scanning strengthens LLM security in web applications.
The OpenAI o3 model just achieved unbelievable scores (75% and 87%) on ARC-AGI; the previous models made a maximum of 20% and humans make around 85%. arcprize.org/blog/oai-o3-...
The Assistant Prefill feature available in many LLMs can open up models to jailbreaking, including the possibility of persistent prefills to bypass LLM safety alignments.