Nathan Hamiel
@nhamiel.bsky.social
Senior Director of Research. Black Hat Review Board Member (AI, ML, and DS track lead) and International public speaker. I focus on emerging technologies and risks at the intersection of humanity and tech. Hype Critic. My writing: https://perilous.tech
This Clinejection write-up is great, and I learned some things about GitHub Actions caching, too. We experienced the same during our research for our Black Hat USA 2025 talk on attacking AI-powered developer productivity tools. adnanthekhan.com/posts/clinej...
Clinejection — Compromising Cline's Production Releases just by Prompting an Issue Triager | Adnan Khan - Security Research
February 18, 2026 at 12:18 PM
If there was a killer use case for this "powerful agentic experience," surely they'd be touting it. But instead we are sold the ability to do things we can already do, just with less security and privacy.
February 17, 2026 at 3:38 PM
I'll be speaking at Applied Machine Learning Days in Switzerland next week on the topic of AI Secure By Design. I discuss our AI Actor-based threat analysis method to simplify threat identification and get to value quickly.
February 5, 2026 at 3:00 PM
Proof that dudes will engineer systems burning hotter than the sun to avoid actually talking to women. Women, who I imagine are flocking in droves to this site 😆 This is going great! The crypto aspect is the icing on the cake. The trajectory is clear.
February 3, 2026 at 12:56 PM
Here we continue our technical write-ups of the exploitation of AI-powered developer productivity tools from Black Hat USA with Qodo. The takeaway here is that knowing prompt injection isn’t enough.
kudelskisecurity.com/research/qod...
How We Exploited Qodo: From a PR Comment to RCE and an AWS Admin Key - Leaked Twice - Kudelski Security Research Center
Jan 15, 2026 - Nils Amiet -
January 30, 2026 at 2:53 PM
Literacy is our greatest weapon to remain robust and defend our humanity in this invasive, modern environment. Here, I recommend 7 books to create more robust humans. And yes, Huxley was right.

perilous.tech/7-books-for-...
January 28, 2026 at 2:15 PM
Hmm... The previous term was terrifying. Where could we look to find something more palatable? I know, dystopian science fiction!!!
January 27, 2026 at 4:17 PM
The lengths people won't go to get themselves owned. This has been happening since 2023 with AutoGPT, only now with deeper access. This isn't rocket science, if you give something insecure complete and unfettered access to your system and sensitive data, you're going to get owned.
January 26, 2026 at 1:46 PM
Wow, I said the exact same thing back in 2024 from the stage at AgileDevOps USA. It included the specific number of 14B in losses as well. I was explaining the possibility that OpenAI could go out of business in a few years.
January 20, 2026 at 2:13 PM
Treating shopping as an optimization problem could have devastating economic effects. Removing the friction from the purchasing process (aka shopping) with AI agents could cause people to buy less, not more. Retailers may want to rethink their strategy. perilous.tech/agentic-shop...
Agentic Shopping: How Silicon Valley Accidentally Destroys Retail - Perilous Tech
Recently, Google, along with Shopify, Etsy, Wayfair, and Target, created Universal Commerce Protocol. A protocol that retailers can use in their AI agents to
January 16, 2026 at 3:01 PM
Please don't listen to me or anyone else making AI predictions for 2026. With that said, here's my 6 AI predictions for 2026 😆 perilous.tech/6-ai-predict...
6 AI Predictions For 2026 - Perilous Tech
Regardless of my opinion on tech predictions, people seem to love hearing them. While I was at the AI Security Summit in London, several people asked me for
January 12, 2026 at 2:52 PM
My favorite paper at the moment. If the notebook had numbered pages and a table of contents that would make it even better.
January 9, 2026 at 6:00 PM
Nothing to worry about. It supports MFA and military-grade encryption. 😆 "The company analyzed deidentified ChatGPT conversations and found that more than 230 million people globally ask health- and wellness-related questions on ChatGPT every week."
January 8, 2026 at 2:27 PM
The misconception that LLMs should be the first port of call for any and all problems and efficiencies can only arise in an era of hype and a lack of work experience. Anyone who’s had a job before has seen inefficiencies that could easily be addressed without advanced technology.
January 7, 2026 at 4:42 PM
See you Saturday at #BSidesJax
November 13, 2025 at 6:24 PM
Truth!
November 11, 2025 at 3:29 PM
An AI consequence, completely obvious in hindsight. People slopufacturing evidence not to taint the environment, but to help and boost their social currency. When “clean up this photo” puts a new face on a perpetrator, alternate realities are created. www.theverge.com/news/776793/...
Internet detectives are misusing AI to find Charlie Kirk’s alleged shooter
AI ‘enhancements’ might add details that don’t exist.
September 12, 2025 at 3:02 PM
Sorry, but ideas aren’t all you need, and we aren’t on the cusp of the first billion-dollar solopreneur. In this post, I look at the architects of devaluation and the architecture of slop that’s fueling misconceptions about creativity and meaning.

perilous.tech/2025/09/11/t...
The Architects of Devaluation: The AI Slop Architecture and Its Acolytes
Weaved through the fabric of the hustle-bro culture, threaded with the drivel of influencers, lies one of the biggest cons of our current age. This is the false perception that everything we do has…
September 11, 2025 at 3:38 PM
I just got myself pumped up for the day! 😆 Occasionally this song pops into my head and I need to listen to the whole thing start to finish.

www.youtube.com/watch?v=Fow7...
Monzy performs at Stanford Univ.
YouTube video by NerdcoreForLife
September 4, 2025 at 12:16 PM
To all of the people pushing hard to coin the term “vibe security,” the joke is on you. Security has always been about vibes. 😆
September 3, 2025 at 2:29 PM
I see they are remaking The Running Man, which appears to follow the book more closely. Gonna go out on a limb and say there’s a 100% chance that they don’t keep the ending 😆
August 1, 2025 at 11:59 AM
First time I’ve designed an enamel pin. Terrible picture, but you get the idea. See you at Black Hat USA!
July 31, 2025 at 5:03 PM
Getting ready to do our first dry run of our #BlackHatUSA talk, Hack To The Future! www.youtube.com/watch?v=wBl2...
Huey Lewis & The News - The Power Of Love (Official Music Video)
YouTube video by HueyLewisTheNewsVEVO
July 31, 2025 at 12:45 PM
It's going to be busy at both the #AISummit and #BlackHatUSA. It would be great to catch up with everyone. In addition to the briefings, I'm also hosting the AI Track Meetup and participating in the Review Board meet and greet. Come by and say hi. See you next week!
July 29, 2025 at 1:37 PM
Thinking of prompts less as rigid, specific instructions and more as mere suggestions helps better understand what could go wrong and how to design systems that are more resilient to failure and attack. In essence, it's more prodding than programming.
July 21, 2025 at 3:26 PM