Loading video...

Video Failed to Load

Go Home

Nebula Security is now backed by Y Combinator. We’re celebrating by bringing you the world’s first Android 17 root demo — “IonStack”, a url click can let attacker fully control your phone. This is not only an Android root demo. We’re bringing you a full chain browser-to-kernel exploit with...

214,605 views • 20 days ago •via X (Twitter)

0 Comments

No comments available

Comments from the original post will appear here

Related Videos

The Federal Reserve and the US Treasury just summoned Wall Street's most powerful CEOs to an emergency meeting. The reason: An AI model so dangerous they couldn't discuss it over the phone. This is the FIRST time the Treasury Secretary and Fed Chair jointly called bank CEOs into a room since October 13, 2008. That day, Paulson and Bernanke unveiled the $250 billion TARP bailout to stop the entire financial system from collapsing. This time it wasn't about banks failing. It was about an AI that can hack EVERY major operating system and web browser on earth. Here's what this means: Anthropic built a new AI model called Mythos. During internal testing, it found THOUSANDS of zero-day vulnerabilities across every major operating system and every major web browser on earth. Including a 27yo bug in OpenBSD, an operating system literally famous for being unhackable. And several vulnerabilities in the Linux kernel that could give an attacker complete control of any machine running it. Nobody asked it to do this. The capabilities were NOT trained. They literally just emerged as the model got smarter at coding and reasoning. Anthropic's researchers said they found more bugs in a few weeks with Mythos than they had found in their entire careers combined. On Tuesday, Bessent and Powell pulled the CEOs of Citi, Morgan Stanley, Bank of America, Wells Fargo, and Goldman Sachs into Treasury headquarters. The message: This AI exists, similar ones are coming, your banks need to be ready. But JPMorgan's Jamie Dimon didn't show up. Here's why that matters more than you think: JPMorgan is the ONLY bank that already has access to the model. They're one of 12 founding partners in Anthropic's "Project Glasswing" which gives select companies early access to Mythos to find and fix their own vulnerabilities before hackers get similar tools. So 5 bank CEOs managing $9 TRILLION in assets got called into a room to be warned about a threat. The one bank with the actual tools to defend against it? Their CEO skipped the meeting. The same day JPMorgan analysts issued buy ratings on CrowdStrike and Palo Alto Networks, citing Glasswing as the catalyst. One side of Wall Street got the warning. The other got the weapon AND the trading thesis. But here's the thing... The same AI that finds and fixes vulnerabilities can also EXPLOIT them. Anthropic admitted it directly. Mythos "can surpass all but the most skilled humans at finding and exploiting software vulnerabilities." In one test, it wrote a browser exploit chaining FOUR separate vulnerabilities, escaping both the renderer sandbox and the OS sandbox. Fully autonomous. Zero human involvement. Over 99% of the vulnerabilities it found haven't been patched yet. Meanwhile, Anthropic is fighting the Pentagon in court. The Defense Department labeled them a "supply-chain risk" after they refused to let their AI be used for autonomous targeting of US citizens. A San Francisco judge blocked the designation, calling the Pentagon's actions "disturbing." Then a DC appeals court reversed that protection. On the same day as the emergency bank meeting. One branch of government is treating Anthropic as a national security threat. Another is begging Wall Street to prepare for its technology. And the intelligence community is quietly asking how to use Mythos offensively against adversaries. The last time this many powerful people were this nervous about a single technology was nuclear weapons. But the difference is that Nukes required a government, billions of dollars, and uranium enrichment facilities. This just required a better AI model.

Ricardo

41,694 views • 3 months ago

Introducing the Clips chrome extension - the easiest way to send bug reports to agents with video, transcript, and browser debug info captured automatically. 100% free and open source. If you are like me and get tired of manually typing instructions to agents, attaching screenshots, pasting debug logs, and all of that, this might be your new favorite tool. With the Clips chrome extension, you can just click the Clips icon, hit record, and start talking. Visually demonstrate your issue, go through the flow, point out what’s broken. Clips will capture everything on your screen, plus network requests, browser logs, client errors, and all the details around them. And it redacts sensitive information. Then it gives you a link you can send to humans so they can play it and take a look. Or, more importantly, just give it to your agents by just pasting the URL to them. The link has special metadata for agents so just from the URL, the agent can pull all information from the clip automatically. No plugin or MCP server required. That means it can "see and hear" what’s in the video - read the transcript, grab snapshots at any timestamp, and inspect the logs and network requests that were shared with it. So whether you want to quickly demo an issue and send all that context to an agent, or get better bug reports from teammates, recording and sending Clips makes that super easy. Unlike expensive apps like Loom, this is all 100% free and open source. The framework that powers this, plus a bunch of other free applications, is open source too. You can just sign up and use it, or fork it and customize it to your needs. This, in my opinion, is the future of software. Rather than bloated SaaS that charges you a ton of money and still doesn’t even have the things you need, we get free open source canonical apps that you can fork and customize in any way you want. I'll link to all this stuff in the replies. If you try it, let me know your feedback.

Steve (Builder.io)

59,767 views • 18 days ago

Anthropic admitted they built an AI so capable they were scared to release it and the number that explains why is 250. Anthropic's CFO Krishna Rao described in this clip what happened when they ran Mythos against an open source codebase that a previous frontier model had already analyzed. The prior model found 22 security vulnerabilities, Mythos found 250. In the same codebase, that the previous model had already reviewed and flagged as relatively clean. That number, more than 11 times as many vulnerabilities discovered is not just a benchmark improvement, it is a signal that there is an entire layer of software infrastructure that humanity has been operating under the assumption was secure and that assumption may no longer hold. The UK AI Security Institute independently evaluated Mythos Preview and confirmed what the internal numbers suggested. On expert level capture the flag challenges that no model could complete before April 2025, Mythos succeeded 73% of the time and it became the first model ever to complete a complex end-to-end attack range from start to finish, autonomously, without human guidance. The World Economic Forum called this a new security-driven era for AI, the Governor of the Bank of England publicly warned that Anthropic may have found a way to unlock the entire cyber-risk landscape, and the European Central Bank began quietly contacting financial institutions to assess their security posture. The response from Anthropic is what makes this story genuinely important. Rather than shelving the model or publishing it as a standard API release, Rao described a phased approach restricting access to a controlled group, focusing specifically on how the cyber capabilities can be used defensively rather than offensively and treating that framework as a template for how to release powerful but dangerous models in the future. The broader context makes that framing even more significant. AI generated code is already creating ten times more security vulnerabilities than human-written code, 63% of organizations reported experiencing an AI driven cyberattack in the past 12 months, and traditional signature-based security tools were built for a threat model that no longer describes the attack surface companies are defending against. Mythos represents a genuine leap in what autonomous security reasoning can do and it cuts both ways. The model that can find 250 vulnerabilities in a codebase a prior model rated as mostly clean is also, in the wrong hands, the model that can exploit those 250 vulnerabilities before a human defender has even finished reading the report. Anthropic's phased release strategy is not just a legal or PR decision, it is the most honest signal yet from a frontier lab that safety governance and capability development can no longer be treated as separate workstreams. The question is not whether this technology gets deployed, it is whether the institutions using it defensively stay ahead of the ones who will eventually use it offensively and whether the labs building it can keep those two timelines from inverting.

Milk Road AI

24,356 views • 2 months ago

🚨APPLE SPENT 5 YEARS AND BILLIONS OF DOLLARS BUILDING THE MOST ADVANCED SECURITY SYSTEM IN CONSUMER HISTORY.. AN AI BROKE IT IN 5 DAYS.. Here’s what just happened.. Apple built something called Memory Integrity Enforcement for its new M5 chips.. It’s a hardware-level security system that attaches secret cryptographic tags to every piece of memory.. If a hacker tries to access memory they shouldn’t.. The chip blocks it instantly.. Every known exploit chain against iOS and macOS was rendered obsolete overnight.. Apple said so themselves.. Then a small team at a cybersecurity firm called Calif used Anthropic’s unreleased Claude Mythos Preview to find vulnerabilities in the macOS kernel.. The AI found the bugs almost instantly.. Because once it learned the pattern of a specific type of flaw.. It could recognize every other flaw in that same class across the entire codebase.. What used to take elite security teams months.. The AI did in hours.. Within 5 days.. The team had a fully working exploit that escalated a basic user account to full root access on an M5 Mac running the latest macOS.. With MIE fully enabled.. The billion-dollar hardware defense running at full strength.. The trick.. They didn’t fight the hardware.. They went around it.. MIE is designed to catch memory corruption.. Hackers trying to overwrite pointers or inject code.. The team used a “data-only” approach instead.. They manipulated legitimate data structures the hardware was never designed to monitor.. Like changing an internal flag from “standard user” to “admin”.. The chip saw a perfectly normal operation.. The operating system obeyed.. And the attacker had total control.. The hardware thought everything was fine.. Because technically it was.. The exploit never triggered a single tag mismatch.. They walked into Apple Park and hand-delivered a 55-page report.. Apple patched it in macOS 26.5.. And for the first time ever.. Apple’s official security advisory credited the vulnerability discovery to “Calif dot io in collaboration with Claude and Anthropic Research”.. An AI is now credited in Apple’s CVE patches.. But here’s what makes this story truly terrifying.. Before MIE existed.. An exploit kit called DarkSword was hitting iPhones with zero-click attacks.. Six vulnerabilities chained together.. Total device control just from visiting a webpage.. Deployed by Russian espionage groups, Turkish surveillance vendors, and actors in Saudi Arabia.. Then it got leaked on GitHub.. Nation-state capabilities.. Free for anyone.. MIE was supposed to make all of that impossible.. And an AI found a way around it in 5 days.. The previous model.. Claude Opus 4.6.. Found 22 security bugs in the Firefox codebase.. Claude Mythos Preview found 271 in the same environment.. A tenfold increase.. Linux kernel CVEs jumped from 300 per year to over 5,500.. Largely driven by AI-powered vulnerability research.. The IMF designated Claude Mythos as a systemic financial stability risk.. Because if an AI finds a flaw in software used by every major bank simultaneously.. It could trigger a cascading financial crisis.. Anthropic knew this was coming.. That’s why they didn’t release the model publicly.. Instead they launched Project Glasswing.. Giving defensive access to AWS, Apple, Google, Microsoft, Nvidia, CrowdStrike, JPMorgan, and others.. $100 million in usage credits.. So defenders can scan their own systems before attackers get this capability.. The Pentagon blacklisted Anthropic over autonomous weapons.. Then quietly started using Mythos to harden government systems anyway.. The cybersecurity arms race just changed permanently.. Hardware can’t save you.. Software can’t save you.. The only defense against an AI that finds vulnerabilities is another AI that finds them first.. Five years and billions of dollars.. Five days and one AI.

Evan Luthra

91,085 views • 1 month ago

This is a sweet video... I like to tell people that your family is not your fate. You’re not doomed to become your parents or to live exactly as you lived in your own childhood. If you came from a broken home, full of anger, constant arguing, and disorder, you don’t have to repeat that. You can escape it. But, almost paradoxically, you don’t escape it by obsessing over how you were wronged in your childhood. That usually pulls you right back into it. That’s why so many men who swear they’ll never become their fathers end up doing exactly that. You escape it by being future-focused for the good of others. You escape it by building something that blesses people beyond yourself, in your community, in your church, and especially in your family. You can be the link in a new chain. God brings beauty from ashes, and he has a habit of extinguishing a hellish heritage and, through a bold-hearted, repentant man, replacing it with the beginnings of a heritage shaped by heaven. But “your family is not your fate” cuts both ways. Maybe you’re not the first link, but the second or third in a godly heritage. You were blessed with advantages, growing up in church, reading the Bible, living in a home with present parents. If you take that for granted, your life will look very different from theirs, and not in a good way. The good life, as the Bible defines it, grows out of a Christian who wakes up and asks the LORD, “How can I obey you today, for your glory and for the good of others into the future?”

Michael Foster

108,841 views • 5 months ago

Google just confirmed the first case of hackers using AI to build a zero-day exploit from scratch. An actual zero-day vulnerability that no human had EVER found before, discovered by an AI model, turned into a working weapon, and aimed at a mass exploitation campaign targeting thousands of systems simultaneously. Google's Threat Intelligence Group caught it yesterday and killed the operation before it scaled. But the details of how it worked are genuinely scary: The AI found a flaw in a popular two-factor authentication system that traditional security tools had missed entirely. The vulnerability was a logic error buried deep in the authentication flow where a developer had hard-coded a trust exception years ago. No human security researcher or automated scanner had caught it. The flaw was invisible to EVERY tool the cybersecurity industry has built over the past two decades. But the AI spotted it immediately. Then it wrote a full Python exploit script to weaponize it. Google's analysts could tell the code was AI-generated because it had textbook formatting, educational comments explaining every function, and even a hallucinated severity score that doesn't exist in any real database. The AI literally graded its own attack with a fake rating. So the code had MISTAKES in it. The criminals' implementation was clumsy enough that it probably interfered with the actual deployment. This was the sloppy first attempt by people who are still learning how to use these tools. And it still found a vulnerability that the entire cybersecurity industry missed. Google's chief threat analyst John Hultquist said: "There's a misconception that the AI vulnerability race is imminent. The reality is that it's already begun. For every zero-day we can trace back to AI, there are probably many more out there." But here's where it gets truly insane... This wasn't even a sophisticated operation. North Korea's APT45 hacking unit is sending thousands of repetitive prompts to AI models, recursively analyzing known vulnerabilities and building an entire exploit arsenal that would be physically impossible for human hackers to assemble at the same speed. They're essentially industrializing cyberattacks. A Chinese state-linked group jailbroke Google's own Gemini by simply asking it to "pretend to be a network security expert" and then used that persona to research how to hack TP-Link routers and corporate file transfer systems. Another Chinese group deployed autonomous AI agents that probed a Japanese tech firm with minimal human oversight, deciding on their own which tools to use and pivoting between targets based on internal reasoning. And then there's PROMPTSPY, an Android backdoor that calls Google's Gemini API to read your phone screen in real time, navigate your interface autonomously, capture your biometric data, replay your lock screen PIN, and block you from uninstalling it by placing an invisible overlay over the uninstall button. It literally OPERATES your phone using commercial AI tools anyone can access. Everyone spent the last 3 years arguing about whether AI would take people's jobs. Meanwhile AI is making every password, every firewall, and every two-factor authentication system on Earth fundamentally less secure. The entire $190 billion cybersecurity industry was built on one assumption: that finding vulnerabilities is hard and requires deep expertise. But AI just removed that assumption from the equation. And the scariest part is that Google said the criminals made errors this time. The implementation was rough and the campaign probably didn't fully work. These were amateurs, now imagine what professionals are able to do. There's a reason Sam Altman predicted an inevitable massive cyberattack THIS year. What do you think?

Ricardo

50,564 views • 2 months ago

You won’t regret listening to this clip today from John MacArthur about his fixed time on earth. A Death for the Glory of God — John MacArthur // September 7, 2014 It’s a proverb, and the proverb is simple, very simple proverb. You can’t lengthen the daylight. You can’t shorten the daylight, right? Nothing any friend can do can lengthen the daylight. Nothing any enemy can do can shorten the daylight. It is what it is and it is fixed by God, and so is my life. No enemy can shorten it. No friend can lengthen it. It is what it is. And in that light of life which God has ordained for me, I will not stumble. That is to say, nothing will happen to me that is outside the plan. I’m not going in the dark. I’m going in the light of God’s divine day. A day can’t finish before its ordained end. The time allotted to me to accomplish my earthly ministry is fixed. It’s fixed by God. It can’t be lengthened by any precautionary measures. You don’t have to go hide somewhere in a cave. You don’t have to avoid conflict. You don’t have to run from your enemies because you can’t lengthen your life, and you can be bold and you can step right into the face of your enemies because they can’t shorten it. I tell you, just from my own personal standpoint, I live in that confidence. I can’t do anything. Neither can anybody else to lengthen my life. I’m not afraid that somebody, some enemy can do anything to shorten my life. My day is what God has ordained it will be, and in that I go forward with confidence and boldness. Jesus knew that His hour was coming, but it hadn’t come yet, and many times He’d said, “My hour hasn’t come. My hour hasn’t come.” And He escaped all of the plots and all of the mob violence. This has great application for us I think to realize that if you’re walking in the Spirit and serving the Lord, you have your day. Being a coward and taking all kinds of precautionary steps and not being faithful isn’t going to lengthen it; and being bold in the face of enemies isn’t going to shorten it because it is what God has ordained it to be.

Terri Green

49,843 views • 1 year ago