Arshan Dabirsiaghi

@nahsrasec

Website

security nerd

Joined November 2023

About

CTO @ Pixee. ai (@pixeebot on GitHub)

ex Chief Scientist @ Contrast Security

Security researcher pretending to be a software executive.

Available for

Nothing here yet.

Arshan Dabirsiaghi's blogs

security in softwarenahsra.hashnode.dev12 posts

Articles Threads Comments

Recently published

nahsra.hashnode.dev

Exploit Verification

Today marks an exciting day for all of us here at Pixee, and maybe in appsec? Excuse me some founder panaché. The Problem: Proving Exploitability Is Hard One of the hardest, most detail-oriented, and time consuming things to do with SAST is to try to...

Jul 22, 20254 min read

nahsra.hashnode.dev

SAST is just crazy bad at XSS

XSS is one of the more serious things in appsec, and it's pretty prevalent. It’s also one of those things that is super hard to find accurately via static analysis. And, vendors don’t want to miss it — so, typically any data that gets to a response, ...

Jul 10, 20254 min read

nahsra.hashnode.dev

"LLMs Can't Reason"

The top post on HN right now (well, yesterday) is about speaking more directly in the age of LLM "fluff". I have nothing to say about the piece’s main points. But, a sentence caught my eye that never seems to receive any pushback: While it's true th...

Mar 31, 20253 min read

nahsra.hashnode.dev

Model providers give good advice for a change

This is a great piece by Anthropic. Usually the model providers push you towards complex, high maintenance, and ultimately flakey solutions. This resonates. It seems we all now agree that LLMs are primarily good at data extraction, data summarization...

Dec 30, 20243 min read

nahsra.hashnode.dev

A note from the AI front lines

AI rightfully refuses to relinquish its place in our cultural conversation, and so I thought I'd share a few interesting things we've noticed at Pixee making an AI product security engineer. I hope that others might find validation, understanding, or...

Sep 25, 20243 min read

Arshan Dabirsiaghi

About

Available for

Arshan Dabirsiaghi's blogs

Recently published

Exploit Verification

SAST is just crazy bad at XSS

"LLMs Can't Reason"

Model providers give good advice for a change

A note from the AI front lines

Search Hashnode

Arshan Dabirsiaghi

About

Available for

Arshan Dabirsiaghi's blogs

Recently published

Exploit Verification

SAST is just crazy bad at XSS

"LLMs Can't Reason"

Model providers give good advice for a change

A note from the AI front lines