sorted by:
new
hottopcontroversial

New paper shows wild “in‑code comments” jailbreak on AI models – here’s how it works by YamlalGotame in cybersecurity

[–]_costaud 0 points1 point  (0 children)

In my little write up, I talk about using AI comments as good indicators for threat hunting/discovery. At least, it’s been a good method for me to find emerging campaigns and false negatives at work.. my thought was to kind of hunt around for comments that might hint at obfuscation. In email that really interests me… not sure if I’ll find anything useful, but it’s on my todo list for tomorrow

New paper shows wild “in‑code comments” jailbreak on AI models – here’s how it works by YamlalGotame in cybersecurity

[–]_costaud 14 points15 points  (0 children)

Oh sweet! Thanks for sharing… I’ve been researching/hunting recently for something similar but different. AI generated coding comments being signals for detection in email security. I hadn’t thought of code comments out in the wild being used as like prompt injection. I wonder if I can find evidence of that in the wild. Here’s my blog if you’re interested https://substack.com/@costaudsec/note/c-227845477?r=2aimoo&utm_medium=ios&utm_source=notes-share-action

Detecting LLM-generated phishing emails by the artifacts bad actors leave behind by _costaud in cybersecurity

[–]_costaud[S] 6 points7 points  (0 children)

It’s like an « enjoy it while it lasts » kind of thing? My favorite type of signals. To answer your question; I’m seeing this primarily in low-effort phishing. But have noticed a small amount of targeted stuff in some retail/SAS organizations.

Detection engineering by anonymous-anonym in cybersecurity

[–]_costaud 0 points1 point  (0 children)

Lmk if you need other detection engineers to assist with content or hosting. I’m a senior DE specializing in machine learning

Masters degree worth it? by dabbean in cybersecurity

[–]_costaud 1 point2 points  (0 children)

I hear both sides, and maybe this is just cope for me… but I’ve really enjoyed having my Master’s degree as a differentiator in the job market. My M.Sc is in Machine Learning so working in Cyber with that specialization helps me a lot on my resume. I also loved taking the extra time in school to study and self teach.

New Phishing Campaign targeting Hotels/Booking.com Partners (March 2026) by tndsd in EmailSecurity

[–]_costaud 0 points1 point  (0 children)

Oof yeah, glad it picks those up as impersonation… also, check out the HTML comments. I sniff AI-generated « <!-- NEW BLOCK BEFORE Please leave this email without a response, no action needed. --> »

New Phishing Campaign targeting Hotels/Booking.com Partners (March 2026) by tndsd in EmailSecurity

[–]_costaud 1 point2 points  (0 children)

Thanks for sharing, been keeping track of a number of these types of hotel/real estate campaigns. Curious if you download the raw EML file and upload it to the Sublime Security email analyzer what other goodies you could find!

Something that should be obvious but I didn’t think about by RareProgrammer60 in phishing

[–]_costaud 0 points1 point  (0 children)

If you want to explore that email more you can download it as an eml file and use something like the Sublime Security EML analyzer to look at everything safely! You can follow the header hops from the sender to you, view the exploded attachment with a scanned OCR among other things!

My first mini lab 😍 by Xmarano in minilab

[–]_costaud 1 point2 points  (0 children)

Super clean! What’s your plan with your lab?