Today in InfoSec Job Security News:
Uncategorized
153
Posts
118
Posters
15
Views
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog
So just make a bot that goes around behind claude and files a vuln bug and lists the revert as the fix. -
@GossiTheDog
So just make a bot that goes around behind claude and files a vuln bug and lists the revert as the fix.@GossiTheDog
Nvm these are commits, not prs. -
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
Is there a cwe (common weakness enumeration) for AI slop usage already?
-
@da_667 @GossiTheDog took me a while but I finally thought of something :
Who says AI hasn't generated any real value? It's doing wonders for the threat actors
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog I'm anti-AI. I used program generators long ago - they didn't work. They aren't maintainable. Major updates required complete rewrites.
Now there's AI. It's a manager's wet dream...until it isn't.
...but look how productive AI is. It can whip out code as fast as a gossip can spread noise. Sure, there will be glitches, but they'll be fixed when found.
What about the $$$$$ liability of glitches that are not found?
-
We don't need Skynet becoming sentient to trigger the End o' Days.
We got Claude, happily vibing/making 2.1M commits while we were asleep.😴
-
We don't need Skynet becoming sentient to trigger the End o' Days.
We got Claude, happily vibing/making 2.1M commits while we were asleep.😴
@funnymonkey @GossiTheDog Insert Mickey Mouse as the Sorcerer's Apprentice, and all those animated mops carrying pails of water...
-
@funnymonkey @GossiTheDog Insert Mickey Mouse as the Sorcerer's Apprentice, and all those animated mops carrying pails of water...
@carpetbomberz @funnymonkey @GossiTheDog
this. Exactly this.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog That #claude #AI has been created to solve the „we have too much electricity“ problem.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog It's almost like, maybe, only humans should program computers. Computers should not be submitting and merging their own PRs, am I right ?
-
@GossiTheDog It's almost like, maybe, only humans should program computers. Computers should not be submitting and merging their own PRs, am I right ?
@GossiTheDog "AI" is the cryptocurrency of IT.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog https://github.com/claude right now showing "Something went wrong, please refresh the page to try again." Yeah, dude.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog i keep waiting for a scandal to break out about this, but it never comes
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
Makes me wonder if this is a effort by "closed source" to disrupt/poison/discredit open source? 🤔
-
@nihkeys @DJGummikuh @GossiTheDog I don't think that phrase allows for incompetency in design. The purpose is what was intended, not what actually results. There is a distinction.
@draeath @nihkeys @DJGummikuh @GossiTheDog If it was an accident, or incompetence, then it would be rapidly corrected.
If it's not rapidly corrected, then it is the purpose.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog @deliberately_me oh goodie. Our global repository has been compromised by a worm.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog loltears. ie. fools suffer consequences of being fools, but at scale
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog Fortunately, I can choose to not engage.
Gli ultimi otto messaggi ricevuti dalla Federazione
-
🎉Il nostro canale telegram ha raggiunto quota 2000 iscritti!🎊
Lanciamo quindi un sondaggio per capire l'età media dei nostri iscritti al canale (non all'account Mastodon)
NB: il sondaggio è "anonimo" ma per ricordate che Durov potrebbe non esserlo
-
@kenobit Gente che sta cercando in tutti i modi di diventare mega ricca.
-
Dall'articolo (meraviglioso, l'ho divorato)
postato da @informapirata" Come pensa la macchina:un LLM smontato pezzo per pezzo "
(Cit.)
>>ogni token generato è un lancio di dado. La "intelligenza" apparente dell'output è il risultato di miliardi di parametri calibrati per dare i pesi giusti al dado. Ma resta un dado. Non c'è ragionamento, non c'è pianificazione, non c'è verifica. Il modello non "sa" che la prossima parola è giusta. Sa che è probabile. E probabile non significa corretto.
_____________Una AI non capisce nulla. Dunque di intelligenza non ce n'è. E' un sofisticato lanciatore di dadi, un velocissimo calcolatore di probabilità che assembla testo non perchè capisce di cosa "parla", ma solo scegliendo parole da accodare una all'altra tramite calcoli di probabilità guidati da regolette.
Traduco in modo più semplice: non ci capisce una mazza di quel che scrive, ma ha un sistema per generare testi plausibili , scegliendo una dopo l'altra parole che accostate, probabilmente (!) , hanno un senso. Talvolta ci azzecca. Tutto qui.
Quindi ti da l'impressione di "sapere", di "capire" ecc., ma in realtà stai parlando con uno che letteralmente da i numeri, pesando quei numeri per sembrare ragionevole. MA non ci sta comunque capendo una beatissima mazza.
Leggetelo, è ultra comprensibile e spiega tanto sulle "AI" in modo semplice.
-
@ziriuz84 @kenobit mi inserisco, non per spammare, ma per dare anche la mia visione (soggettiva ergo opinabile) sulle AI e sull'epoca di soglia che stiamo vivendo.
https://tommasin.org/blog/2026-02-16/lessere-umano-nellera-delle-ai-tra-cogito-senso-e-realta/
-
@kenobit I fuffaroli sono sempre gli stessi. E purtroppo fanno male all'ecosistema stesso per cui fanno più rumore loro e si vedono meno le applicazioni realmente interessanti e fattibili.
-
-
Nanaka 6/17
-
@kenobit giusto un esempio (si scopre seguendo il thread) https://social.treehouse.systems/@ariadne/116065110159362969
