the grugq's newsletter

May 6, 2026

There’s something ominous about the speed with which the entire world has marched to require identification on platforms and, as I expected, begin the process of banning anonymous VPNs.

— Matthew Green (@matthew_d_green) May 5, 2026


To answer your question more realistically things take a lot of time to fix and triage and right now everyone is pretty slammed

— Dave Aitel (@daveaitel) May 5, 2026


On one level, that seems to make sense, the labs aren't that far apart in their gain-of-function research.

On the other level, okay, where are the bugs that they're finding? Like, @daveaitel works for OpenAI, is he just saving it all for one hell of a @defcon talk? (This is… https://t.co/aboOgig2Bv

— dave kasten (@David_Kasten) May 5, 2026


LLMs becoming good at vuln-discovery and vuln-dev is really a lot of technical debt maturing suddenly, and defenders experiencing a liquidity crunch. It's not a *solvency* crunch though, so once we get through this a lot of tech debt will be paid down (altho new might be issued)

— Halvar Flake (@halvarflake) May 6, 2026


Growing up in the infosec community (and with a grandfather that was the head of the German FBI) I internalized as a young man:

Assume that everything you ever write down will be published in a hacking zine with disparaging comments, or used to try to blackmail you. https://t.co/It9mzfWJy0

— Halvar Flake (@halvarflake) May 5, 2026


Let me write it for you right now: the root private keys for .DE could have shown up on Pastebin and it still would have made more sense to keep Germany reachable than to performatively validate signatures nobody anywhere operationally cares about. https://t.co/pBYouqoCjs

— Thomas H. Ptacek (@tqbf) May 6, 2026


VIROLOGIST: “It’s bizarre, Hantavirus almost never jumps from human to human like this. Usually it’s from coming into contact with rat feces or something.”

CRUISE SHIP CHEF: “Yeah, that’s crazy, it must’ve mutated or something.”

— one dozen rats at a keyboard (@PanasonicDX4500) May 5, 2026


The internet has survived a period where a handful of late teens and early 20s kids were the only ones that knew about pre-malloc integer overflows as a bug class, and you could "grep malloc | grep \*" to find a bug in OpenSSH.

This is why I am pretty chill about Mythos.

— Halvar Flake (@halvarflake) May 5, 2026


China already has all those things though and has for over a decade? https://t.co/qegjebgyzF

— Dave Aitel (@daveaitel) May 4, 2026


"Don't engage with that, it's rage bait from a monetized account in Nigeria" Oh and god forbid I help a Nigerian man feed his family.

— Boots, 'with the fur' (@afraidofwasps) May 4, 2026

