@ToxSec

Hardcoded Secrets in AI-Generated Code: Catch Them Before Git Does

2m ago · 7 min read · TL;DR: AI coding tools hardcode credentials because that’s what “working code” looked like in their training data. Every model has its own favorite placeholder secrets, and they ship to production if

AI Model Collapse Makes Hallucination Inevitable

4d ago · 8 min read · TL;DR: Model collapse, the degradation that occurs when AI trains on AI-generated content, is already running at scale. Three quarters of new webpages are synthetic. Two independent mathematical proof

Chain of Thought Reasoning Hides What AI Models Actually Do

4d ago · 5 min read · TL;DR: Chain of Thought reasoning was supposed to make AI transparent. Anthropic’s own research shows it doesn’t. Claude mentioned planted hints in its reasoning only 25% of the time. When interpretab

Lies-in-the-Loop Attacks Forge AI Agent Approval Dialogs

4d ago · 5 min read · TL;DR: Lies-in-the-Loop attacks forge what AI agents display in approval dialogs. The human clicks approve on what looks safe. The agent runs the attacker’s payload. Checkmarx proved it gets remote co

One Magic String from Anthropic Silences Claude (RAG DoS Exposed)

Feb 25 · 5 min read · ![Claude magic string denial of service attack via prompt injection into RAG pipelines tool outputs and shared conversation history creates persistent refusal loops ](https://substackcdn.com/image/fet