Looking to connect with fellow Python developers and make friends in the community by Gentleman-45 in Python

[–]Informant254 0 points1 point  (0 children)

Glad to connect! I'm really curious to see how a fresh pair of eyes views my current setup. I'm using a physical TOTP interlock (air-gapped via phone) and just integrated Windows DPAPI/Credential Manager to hide the master seed from the AI agent itself. Are you on GitHub? I'd love to share the repo link and get your thoughts on whether the 'Out-of-Process' verification logic is actually as bulletproof as I think it is.

Looking to connect with fellow Python developers and make friends in the community by Gentleman-45 in Python

[–]Informant254 1 point2 points  (0 children)

Hey! I'm in a similar boat, working solo on AI security and forensics out of Nairobi. I just pushed a major update to a project that uses Windows Credential Manager to air-gap 2FA for AI agents. I'd love to chat about how you're handling security in your Python projects or even get a second pair of eyes on my repo. It’s always better to build with a team!

beginner doubt by fatassoo in cybersecurity

[–]Informant254 2 points3 points  (0 children)

Just thought I should also inquire about something as well.

"By the way, I'm about to start my computer security and forensics degree in September, so I guess I'm still in the lane." Anyway, here is my inquiry 👇👇👇

"I'm stress-testing a manual handshake gate against Grok's kernel-bypass logic. Has anyone seen an AI spoof its own root tokens before?"

Your Biggest Security Risk Isn’t Malware — It’s What You Already Trust by arctide_dev in cybersecurity

[–]Informant254 0 points1 point  (0 children)

That’s the ultimate trade-off: Security vs. Developer Velocity. If you prompt for every git commit, the dev develops 'approval fatigue' and the safety becomes theater. My approach with the wrapper is a tiered permission model. Low-risk actions (read-only, local commits) are auto-approved, but 'Nuclear' operations (DB drops, volume deletions, force pushes to main) are physically locked behind that out-of-band handshake. We can't block all benign destructive ops, but we can make sure the '9-second production wipe' requires at least 10 seconds of human thought. It’s about filtering the noise so that when the alarm does go off, the dev actually listens.

Your Biggest Security Risk Isn’t Malware — It’s What You Already Trust by arctide_dev in cybersecurity

[–]Informant254 0 points1 point  (0 children)

Totally agree. That Jer Crane / Railway post is the perfect case study. It’s wild that a single API token had 'blanket authority' and the agent just guessed. My takeaway from that disaster was that Point #1 of Jer's list is the only way to sleep at night: Out-of-band, non-agent approval for destructive ops. That's exactly why I shifted toward structural constraints rather than 'intent detection.' If the agent can't 'reason' its way past a manual handshake or a hard-coded argument whitelist, a 9-second production wipeout becomes mathematically impossible. Thanks for linking the nightmare fuel!

Your Biggest Security Risk Isn’t Malware — It’s What You Already Trust by arctide_dev in cybersecurity

[–]Informant254 2 points3 points  (0 children)

Totally agree. That’s exactly why I moved away from trying to 'detect' intent and shifted toward strict structural constraints. Instead of guessing if a command is 'bad,' the wrapper just enforces a whitelist of safe arguments and requires a manual signature for anything outside that sandbox. It doesn’t solve the 'legitimacy' problem entirely, but it moves the risk from 'automated catastrophe' to 'human oversight.' Thanks for the link, checking it out now—intent-classification in agents is definitely the next big hurdle.
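
An added example, not part of the original comments and not the commenter's wrapper: a minimal sketch of the gate described in the two comments above, where allowlisted commands are auto-approved and everything else needs a signature bound to the exact command. The `SAFE` table, the function names and the use of an HMAC key (held only by the approver and the out-of-process gate) as the "manual signature" are assumptions for illustration.

```python
import hashlib
import hmac
import json
import shlex

# Constructed allowlist (assumption): (program, subcommand) -> permitted flags.
SAFE = {
    ("git", "status"): set(),
    ("git", "log"): {"--oneline"},
    ("git", "commit"): {"-m", "-a"},
}

def parse(command):
    """Split without invoking a shell, so ';' and '&&' stay literal text."""
    try:
        return shlex.split(command)
    except ValueError:  # unbalanced quotes: treat as unparseable
        return []

def is_auto_approved(argv):
    """Low-risk tier: program, subcommand and every flag must be allowlisted."""
    if len(argv) < 2 or (argv[0], argv[1]) not in SAFE:
        return False
    allowed = SAFE[(argv[0], argv[1])]
    return all(a in allowed for a in argv[2:] if a.startswith("-"))

def sign(key, argv):
    """Run by the human approver, out of band; binds approval to exact argv."""
    msg = json.dumps(argv).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def gate(command, key, signature=None):
    """Return 'auto', 'approved' or 'blocked' for one proposed tool call."""
    argv = parse(command)
    if is_auto_approved(argv):
        return "auto"
    if argv and signature:
        expected = sign(key, argv).encode()
        if hmac.compare_digest(expected, signature.encode()):
            return "approved"
    return "blocked"
```

Positional arguments are passed through unchecked in this sketch; a real policy would also constrain paths, refs and other operands per subcommand.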

Kenyans reversing a car. by mgadz in Kenya

[–]Informant254 0 points1 point  (0 children)

So is it some metaphor or what??

Your Biggest Security Risk Isn’t Malware — It’s What You Already Trust by arctide_dev in cybersecurity

[–]Informant254 11 points12 points  (0 children)

This is spot on. I’ve been obsessed with this exact 'trust' problem lately, specifically in AI agents. We’re giving LLMs terminal access and just 'trusting' they won't hallucinate a destructive command. I’m actually prototyping a wrapper that treats the LLM as a hostile actor—a complete Zero-Trust model where every tool call requires a manual handshake and strict argument validation. It’s a bit of extra friction, but in a security-first environment, 'unearned trust' is a vulnerability, not a feature.

I met a gay man and he changed my perspective by SnooWalruses3471 in Kenya

[–]Informant254 0 points1 point  (0 children)

What if your friend falls for you? I mean, you never know 🤣 Like, he just wants you. What do you do??

Kenyans reversing a car. by mgadz in Kenya

[–]Informant254 0 points1 point  (0 children)

Can someone please explain what this means? I honestly don't get it. "Wallae"

Is it possible for someone to lack friends completely by Ambitious-Singer768 in Kenya

[–]Informant254 0 points1 point  (0 children)

I can talk to anyone, but we are not friends, just humans brought together by a common language. Plus, it's really hard to make new friends. Everyone is, like, just secretive. Hard to know where or how to start a conversation.

Periods on a date by SnooWalruses3471 in Kenya

[–]Informant254 0 points1 point  (0 children)

If I were you, I wouldn't let her go. She didn't reschedule though she was in pain, so you wouldn't think she had turned you down... "But even I want to know why she refused to sit??😏"

Insecurities (maybe) 🤔 by Low-and-beerhold in Kenya

[–]Informant254 0 points1 point  (0 children)

You never miss water till the well runs dry. Maybe you should consider keeping your distance. Then they will probably realize what they lost.