ai-safety

5 posts

EY Canada's 2026 report cited papers that don't exist

EY Canada published a cybersecurity report with mostly hallucinated citations. Here's what that means for how you should read threat intelligence.

May 31, 2026

Article

YouTube built a checkbox, not a detector

YouTube's automatic AI-generated video label is a disclosure system, not a detector. Here's what it actually does for cybersecurity and what it doesn't.

May 27, 2026

Article

March 2019 changed who reads binaries

Free disassemblers and decompilers changed who can audit binaries. The defender, attacker, and AI safety implications are now playing out in practice.

May 20, 2026

Article

A few bytes spill onto the next heap chunk

Technical writeup of CVE-2026-42945, the NGINX rewrite module heap overflow, plus what it means for LLM deployments sitting behind the proxy.

May 18, 2026

Article

Mid-2024: a drunk LLM found a ksmbd kernel bug

How researchers used degraded LLM prompts to find a remote OOB write in the Linux kernel's ksmbd module, and what it means for kernel security.

May 18, 2026