mbg
LightNews LightNews
banner
mbrg0.bsky.social
mbg
@mbrg0.bsky.social
860 followers 7 following 26 posts
Breaking AI. Building @zenitysec, lead @owaspnocode, columnist @DarkReading
Posts Replies Media Videos
mbrg0.bsky.social
join us tmrw! its going to be .. well .. we've got something for everybody!

blackhat[.]com/us-25/briefings/schedule/index.html#ai-enterprise-compromise---0click-exploit-methods-46442
Attackers celebrate, defenders face palm.
August 5, 2025 at 7:02 PM
Reposted by mbg
quinnypig.com
You missed one thing in your (excellent) analysis: the attacker was clever enough to pull this off (and it is amazingly done), but still wasn't able to solve for Amazon Q CLI's dogshit ergonomics.
July 25, 2025 at 1:01 AM
mbrg0.bsky.social
a woman is drinking a cup of coffee while wearing a blue tank top .
ALT: a woman is drinking a cup of coffee while wearing a blue tank top .
media.tenor.com
July 25, 2025 at 10:06 AM
mbrg0.bsky.social
this could have been much worse
bsky.app/profile/mbrg...
mbrg0.bsky.social mbg @mbrg0.bsky.social · Jul 24
After several hours of GitHub dorking on the Amazon Q infection we have:
- hacker's user and intent
- downloader
- prompt payload
- evasion techniques
- timeline from july 13 thru was mitigation and cover

big open questions: how did lkmanka58 gain initial access? is this the only user involved?
The malicious prompt
July 24, 2025 at 11:31 PM
mbrg0.bsky.social
down the rabbit hole
www.mbgsec.com/posts/2025-0...
Initial access remains unclear
July 24, 2025 at 1:35 PM
mbrg0.bsky.social
here we go www.blackhat.com/us-25/briefi...
Black Hat
Black Hat
www.blackhat.com
May 12, 2025 at 11:04 PM
mbrg0.bsky.social
more ->
www.mbgsec.com/posts/2025-0...
The Vibe at OpenAI’s Inaugural Security Research Conf
The conversation around AI is always about vibes. So let’s talk about the vibes at OpenAI’s inaugural Security Research Conference last week.
www.mbgsec.com
May 6, 2025 at 3:08 PM