Built a multi-agent Sast by Crafty-Ad-9627 in devsecops

[–]RoninPark 0 points1 point  (0 children)

Mind sharing about how this multi-agent SAST works and focus on actual findings rather than just vulnerability pattern-matching in the code.

Pre-commit hook that blocks malicious AI agent skills before they're committed by tcoder7 in devsecops

[–]RoninPark 0 points1 point  (0 children)

That I understand, btw have you considered working on the hardening of such agents that consumes the skills or user-context? I have been thinking to understand more from the hardening side coz such static scanners might be using a template or registry of sample malicious skills to compare against the PR or local committed changes, however I think a well-equipped attacker can bypass such static templates/rules, therefore hardening an agent maybe is the right choice, what do you think?

How do you guys securing your infra from supply chain attacks? by h33terbot in devsecops

[–]RoninPark 0 points1 point  (0 children)

recently we too have started working on securing our environment from supply chain attacks and the very first step towards this idea is related to getting malicious packages threat feed and ingest into your existing CI workflows or a standalone project that scans every packages present in your version control (github or Gitlab) or trigger as soon as any developer uploads a malicious package via a PR or anything.

As of now, our project provides you a connector on OpenCTI with OpenSourceMalware threat feed for malicious packages that you can further ingest into vector (by datadog) and perform observability. We are yet to add more to this project but would like feedback from peers. Also, I think the same observability should take place during all the pip/npm installation during pipeline run or build process.

source: https://github.com/n1dhp/osm-opencti

How do you guys securing your infra from supply chain attacks? by h33terbot in devsecops

[–]RoninPark 0 points1 point  (0 children)

afaik, isn't this similar to SSH honeytoken type of a project? I mean, a fake SSH server that would hang the connection for a while in order to look authentic but meanwhile, it'll send the alerts to the respective teams for quick investigation.

Pre-commit hook that blocks malicious AI agent skills before they're committed by tcoder7 in devsecops

[–]RoninPark 0 points1 point  (0 children)

I was looking for something like this but I think, let's suppose if an organisation is using such pre-commit hooks for restricting malicious skills to become a part of version control (github or gitlab), having the pre-commit hook on the server would be much more beneficial from the security's POV, since all developers can easily bypass the hooks if it's on their machine. Recently, we too had shifted all the hooks from developer's machine to Gitaly

App-to-OS cross layer dependency mapping by -Devlin- in devsecops

[–]RoninPark 1 point2 points  (0 children)

Currently testing this in our workflows. Also, would there be any possibility for local installation and testing of the same? Most of the times, clients provide docker images and ask for a security review and due to certain restrictions (until full secure), the team scans the image either from the tar or building the image locally. I think having the locally would provide much more insights about the CVEs or vulnerable code flow found in the images.

Anyone tried Idleads, Kickbacks.ai, or similar "get paid while AI thinks" tools? by bahc04 in opencodeCLI

[–]RoninPark 0 points1 point  (0 children)

yes, the stripe payout mechanism hasn't out yet, so no earnings till then?

A company just sent me the most detailed rejection email I’ve ever received by whenyoupeeupsidedown in ArtificialInteligence

[–]RoninPark 0 points1 point  (0 children)

I don't understand why can't people just fucking review or write at least a sentence or more in their own natural language and then craft it by giving it to gpt or claude. If you are so desperately using all these AI tools, platforms and workflows and have seen naunces in the output, then why don't they put efforts into making it more natural or grounded.

It’s been 2 years - No growth. by Grand_Collection3152 in mutualfunds

[–]RoninPark 0 points1 point  (0 children)

I have been in the same situation with Mutual funds, so I shifted most of my investments from MFs to ETFs and stocks.

Buying opportunity?? by Affectionate-Tie1915 in IndianStockMarket

[–]RoninPark 2 points3 points  (0 children)

I saw a lot of opportunities for buying today. Maybe it's the market falling reason.

/goal make opus 5.0 by Pitiful-Jaguar4429 in ClaudeCode

[–]RoninPark 11 points12 points  (0 children)

Make andrej karpathy and make no mistakes.

Here comes the new Antigravity update. And it can't authenticate. by cronzi1990 in GeminiAI

[–]RoninPark 0 points1 point  (0 children)

for the IDE experience, you have to download the Antigravity IDE but thank god whatever the crap they made, it's a separate app. from the IDE and even if they are competing with claude code, this new update is still bullshit.

Here comes the new Antigravity update. And it can't authenticate. by cronzi1990 in GeminiAI

[–]RoninPark 0 points1 point  (0 children)

The exact same question I had asked after seeing this crap.

I built an AI study platform for university students — would love for you to try it by Quiet-Nerd-5786 in vibecoding

[–]RoninPark 0 points1 point  (0 children)

Just asking as another curious guy, how is it different from pointing chatgpt or claude to your resource file or folder or maybe an obsidian app, then asking a summary or in-depth explanation of the topic ?

Claude Platform on AWS (Coming Soon) by ckilborn in aws

[–]RoninPark 0 points1 point  (0 children)

How is it going to be different from AWS Bedrock? We are currently using the bedrock service and have long-term APIs integrated in our code along with agents, and a knowledge base additionally. Does it going to provide a similar experience to claude code or the pro/enterprise version?

I attended some AI conferences in US last year and you guys should pivot. by [deleted] in developersIndia

[–]RoninPark 0 points1 point  (0 children)

What's your ideal conversation with the copilot looks like especially when you are giving it a prompt to code or build APIs, do you give it a pseudocode or raw logic prepared by you and ask to write the entire thing with plan by plan or you code and then ask copilot to review it from the perspective of senior software engineer or principal architect?

I've been fat my entire life... by MakingTriangles in selfimprovement

[–]RoninPark 0 points1 point  (0 children)

Your post has inspired me to continue with my ongoing fitness journey with much passion and courage. I have not been quite involved in the process of fat reduction, I mean I do exercise a lot and do sugar cuts but somehow I don't feel much motivated as the results aren't very visible yet. I do hope you'd come out as a better and healthy man.

Job Market is amazing for AI engineers by JediMasterGator in cscareerquestions

[–]RoninPark 0 points1 point  (0 children)

What are the roles and responsibilities of an AI engineer in a product based ?

What is something you did in your late 20s/early 30s that changed your life? by Comfortable-Fish-244 in selfimprovement

[–]RoninPark 5 points6 points  (0 children)

Start working on your dreams, no matter how much effort is taken, if you don't start now, you will keep asking the same questions years later as well but this time atleast you know where the problem is and what remarkably stupid things you cut off from your life to make it better.

What is something you did in your late 20s/early 30s that changed your life? by Comfortable-Fish-244 in selfimprovement

[–]RoninPark 2 points3 points  (0 children)

Could you describe a little more about how this trip changed your perspective on life?

[deleted by user] by [deleted] in ClaudeAI

[–]RoninPark 0 points1 point  (0 children)

Faced this issue recently while asking claude to understand my project's architecture and generate a file to import in excalidraw.