Arshan Dabirsiaghi · innahsra.hashnode.dev · Jul 22, 2025 · 4 min read
Exploit Verification
Today marks an exciting day for all of us here at Pixee, and maybe in appsec? Excuse me some founder panaché. The Problem: Proving Exploitability Is Hard. One of the hardest, most detail-oriented, and time consuming things to do with SAST is to try to...

Arshan Dabirsiaghi · innahsra.hashnode.dev · Jul 10, 2025 · 4 min read
SAST is just crazy bad at XSS
XSS is one of the more serious things in appsec, and it's pretty prevalent. It’s also one of those things that is super hard to find accurately via static analysis. And, vendors don’t want to miss it — so, typically any data that gets to a response, ...

Arshan Dabirsiaghi · innahsra.hashnode.dev · Mar 31, 2025 · 3 min read
"LLMs Can't Reason"
The top post on HN right now (well, yesterday) is about speaking more directly in the age of LLM "fluff". I have nothing to say about the piece’s main points. But, a sentence caught my eye that never seems to receive any pushback: While it's true th...

Arshan Dabirsiaghi · innahsra.hashnode.dev · Dec 30, 2024 · 3 min read
Model providers give good advice for a change
This is a great piece by Anthropic. Usually the model providers push you towards complex, high maintenance, and ultimately flakey solutions. This resonates. It seems we all now agree that LLMs are primarily good at data extraction, data summarization...

Arshan Dabirsiaghi · innahsra.hashnode.dev · Sep 25, 2024 · 3 min read
A note from the AI front lines
AI rightfully refuses to relinquish its place in our cultural conversation, and so I thought I'd share a few interesting things we've noticed at Pixee making an AI product security engineer. I hope that others might find validation, understanding, or...