Peter Stöckli
ulldma.bsky.social
Security Researcher and Software Engineer at GitHub Security Lab
Check out how my colleague Man Yue Mo and I used LLMs to triage CodeQL results. The GitHub Security Lab Taskflow Agent and the prompts we used are open source and ready to be used!
github.blog/security/ai-...
January 21, 2026 at 1:51 PM
Reposted by Peter Stöckli
This is amazing. Use a SAST to detect security issues, and then triage those alerts with LLMs, to remove false positives and focus on real and exploitable issues.
And of course, the framework is open source.
Learn how we triage security alerts in GitHub Actions and JavaScript projects with the new GitHub Security Lab Taskflow Agent, and leverage LLM to focus on the exploitable vulnerabilities. github.blog/security/ai-...
AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent
Learn how we are using the newly released GitHub Security Lab Taskflow Agent to triage categories of vulnerabilities.
github.blog
January 21, 2026 at 5:11 AM
Reposted by Peter Stöckli
Learn how we triage security alerts in GitHub Actions and JavaScript projects with the new GitHub Security Lab Taskflow Agent, and leverage LLM to focus on the exploitable vulnerabilities. github.blog/security/ai-...
AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent
Learn how we are using the newly released GitHub Security Lab Taskflow Agent to triage categories of vulnerabilities.
github.blog
January 20, 2026 at 10:33 PM
Reposted by Peter Stöckli
Excited to share our open source agentic framework for security research, a collaborative framework that lets the community share AI "taskflows"! Read @kevinbackhouse.bsky.social's blog post for details and a demo. Join us in strengthening open-source security! github.blog/security/com...
Community-powered security with AI: an open source framework for security research
Announcing GitHub Security Lab Taskflow Agent, an open source and collaborative framework for security research with AI.
github.blog
January 14, 2026 at 11:24 PM
I don't know who needs to hear this:
if you're thinking about automating a trivial task for the third time: just do it now!
It doesn't need to be something complicated, often a shell script is enough. $1 refers to the first argument passed to the shell script. (noted so I don't forget 😉)
January 14, 2026 at 8:48 AM
Einstein said: “Insanity is doing the same thing over and over again and expecting different results.”
It looks like Einstein never used LLMs.
January 5, 2026 at 1:06 PM
Reposted by Peter Stöckli
GitHub Security Lab discovered a critical vulnerability in WooCommerce. We’d like to thank WooCommerce/Automattic for their incredibly quick response and fix of the vulnerability.

If you are using WooCommerce, please update. For more info see:
developer.woocommerce.com/2025/12/22/s...
Store API Vulnerability Patched in WooCommerce 8.1+ - What You Need To Know
A critical vulnerability in WooCommerce 8.1+ has been patched. We strongly recommend updating immediately.
developer.woocommerce.com
December 23, 2025 at 4:53 PM
Reposted by Peter Stöckli
Hack.Commit.Push Switzerland is just one week away! 🇨🇭

This is a great opportunity to get involved in Open Source projects like @assertj.github.io, with direct guidance from the maintainers!
The next edition of Hack.Commit.Push Switzerland 🇨🇭 will take place in Rotkreuz LU this November 22nd. Care to join us for some Open Source hacking? It’s for a good cause!

switzerland2025.hack-commit-pu.sh
hack-commit-push · One Day to Contribute to Open Source
switzerland2025.hack-commit-pu.sh
November 13, 2025 at 10:31 AM
Reposted by Peter Stöckli
🚀 GitHub is making Actions more secure by default

We recently announced upcoming changes to the pull_request_target event and environment protection rules to make GitHub Actions more secure by default.

We’ve opened a discussion to gather feedback 👇

🔗 github.com/orgs/communi...
Towards a secure by default GitHub Actions · community · Discussion #179107
Why are you starting this discussion? Product Feedback What GitHub Actions topic or product is this about? Workflow Configuration Discussion Details Today, GitHub announced upcoming changes to the ...
github.com
November 11, 2025 at 6:38 PM
Reposted by Peter Stöckli
🎉 It’s Friday at #EkoParty!
Join us at the GitHub booth at 15:30 for the GitHub Quiz 🧠
Test your security knowledge, win exclusive GitHub swag, grab some stickers, and chat with our experts!
👉 gh.io/eko
GitHub Security Lab
Securing open source software, together.
gh.io
October 24, 2025 at 2:10 PM
Reposted by Peter Stöckli
We're taking action to make the npm supply chain stronger and harder to attack. 🛡️

Check out our plan to create a more secure future for the JavaScript community.👇
https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/
Our plan for a more secure npm supply chain
GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing.
github.blog
September 30, 2025 at 3:55 PM
Reposted by Peter Stöckli
Recent account takeovers and attacks on package registries are a wake-up call: it's time to raise the bar on authentication and secure publishing practices. Find out what npm is doing—and what steps you can take—to help secure the open source supply chain: github.blog/security/sup...
Our plan for a more secure npm supply chain
GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing.
github.blog
September 23, 2025 at 4:11 PM
Reposted by Peter Stöckli
I have often stated that well-implemented memory tagging will be a game changer for memory corruptions. And it seems that with the next iPhone it's finally here: security.apple.com/blog/memory-...
Blog - Memory Integrity Enforcement: A complete vision for memory safety in Apple devices - Apple Security Research
Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort spanning half a decade that combines the unique strengths of Apple silicon hardware with our adv...
security.apple.com
September 10, 2025 at 8:06 AM
Reposted by Peter Stöckli
What if attackers could hijack your coding agent through a simple GitHub issue?

Prompt injections are a real and growing threat for VS Code Copilot Agent.

Learn how these attacks work and how you can defend your environment.

Read the full research: github.blog/security/vul...
Safeguarding VS Code against prompt injections
See how to reduce the risks of an indirect prompt injection, such as the exposure of confidential files or the execution of code without the user's consent.
github.blog
August 25, 2025 at 5:53 PM
Reposted by Peter Stöckli
Today I have a more serious topic than usual, please consider reposting for reach:

My wife and I are urgently looking for a specialist in neuropediatrics or a similar field for our autistic child with a diagnosed, but not further specified, movement disorder [1/4]
August 19, 2025 at 8:34 AM
Reposted by Peter Stöckli
🚀 GitHub is on a mission to supercharge open-source security! We've partnered with 71 key open-source projects, giving them tools, funding, and playbooks to boost security. 🔐
Want your project to be part of this effort? Now’s the time to get involved! 💪
🔗 Find out more: github.blog/open-source/...
Securing the supply chain at scale: Starting with 71 important open source projects
Learn how the GitHub Secure Open Source Fund helped 71 open source projects significantly improve their security posture.
github.blog
August 11, 2025 at 5:28 PM
Reposted by Peter Stöckli
Never change, Switzerland, never change. 😂

www.nzz.ch/meinung/schw...
August 11, 2025 at 8:49 AM
Reposted by Peter Stöckli
I'm coming to Switzerland! Join me at the Microsoft Azure Zürich User Group in only a few weeks from now: www.meetup.com/de-DE/micros...
[In Person] Troy Hunt Have I Been Pwned Alpine Grand Tour Zürich, Tue, June 17, 2025, 18:00 | Meetup
**IN-PERSON** Troy Hunt meetup at **Kraftwerk in Zurich** This meetup is a collaboration between several Swiss User Groups: [Azure Zurich User Group ](https://www.azurezur
www.meetup.com
May 27, 2025 at 12:04 AM
Reposted by Peter Stöckli
Our team member Man Yue Mo is back, showing a new way to bypass MTE protection on Android phones with CVE-2025-0072. github.blog/security/vul...
Bypassing MTE with CVE-2025-0072
See how a vulnerability in the Arm Mali GPU can be exploited to gain kernel code execution even when Memory Tagging Extension (MTE) is enabled.
github.blog
May 23, 2025 at 2:52 PM
Reposted by Peter Stöckli
Next Monday I'm doing a 2h webinar on files as seen through the eyes of a cybersecurity researcher. This will cover useful stuff for programmers, more junior pentesters, and other tech enthusiasts who enjoy knowing how stuff works on a computer :)
hexarcana.ch/lp/files/?ut...
Files through the eyes of a hacker
hexarcana.ch
March 26, 2025 at 8:54 AM
In this demonstration I show the impact of CVE-2025-25291/CVE-2025-25292, an authentication bypass in ruby-saml used by high profile OSS projects such as GitLab. My team coordinated with both the ruby-saml maintainer and GitLab to get this vulnerability fixed and patches are available at gh.io/glfx
March 13, 2025 at 4:08 PM
If you're using ruby-saml or omniauth-saml for SAML authentication make sure to update these libraries as fast as possible! Fixes for two critical authentication bypass vulnerabilities were published today (CVE-2025-25291 + CVE-2025-25292).

github.blog/security/sig...
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials
Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. See how they were uncovered.
github.blog
March 12, 2025 at 9:50 PM
Reposted by Peter Stöckli
In this blog post, we detail newly discovered authentication bypass vulnerabilities in the ruby-saml library used for single sign-on (SSO) via SAML on the service provider (application) side. github.blog/security/sig...
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials
Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. See how they were uncovered.
github.blog
March 12, 2025 at 9:34 PM
Reposted by Peter Stöckli
Hello from the GitHub Security Lab!
We are a team of security experts who cultivate a collaborative community where developers and security professionals come together to secure open source software.
February 6, 2025 at 8:29 AM
Reposted by Peter Stöckli
Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! github.blog/security/vul...
January 22, 2025 at 6:16 PM