simsus (@simsus@social.tchncs.de)
Anschlag auf US-Uni: Strafrechtliche Ermittlungen wegen Beihilfe gegen #ChatGPT | heise online https://www.heise.de/news/Anschlag-auf-US-Uni-Strafrechtliche-Ermittlungen-wegen-Beihilfe-gegen-ChatGPT-11266899.html #OpenAI #ArtificialIntelligence #AI
Show Original Post
unwirehk_mirror (@unwirehk_mirror@mastodon.hongkongers.net)
GPT 5.5 發表 ChatGPT:最強 AI 編程模型、API 定價 5 美元起壓倒 Claude 及 Gemini
OpenAI 於 2026 年 4 月 23 日正式推出最新旗艦模型 GPT-5.5。新模型主打自主完成複雜任 […]
#人工智能 #AI #ChatGPT #GPT-5.5
https://unwire.hk/2026/04/24/chatgpt-55/ai/?utm_source=rss&utm_medium=rss&utm_campaign=chatgpt-55
Show Original Post
sayzard (@sayzard@mastodon.sayzard.org)
OpenAI (@OpenAI)
ChatGPT의 전체 스택 추론 최적화로 GPT-5.5가 더 빠른 속도와 더 높은 효율을 제공하게 됐다. 특히 GPT-5.5 Pro가 더 실용적인 선택이 되었으며, ChatGPT가 처리할 수 있는 업무의 난이도와 품질 기준을 한 단계 끌어올리는 개선으로 평가된다.
https://x.com/OpenAI/status/2047376567559668222
#chatgpt #inference #optimization #gpt5.5pro #ai
Show Original Post
sayzard (@sayzard@mastodon.sayzard.org)
OpenAI (@OpenAI)
OpenAI가 GPT-5.5를 ChatGPT와 Codex에 오늘부터 Plus, Pro, Business, Enterprise 사용자에게 순차 배포한다고 밝혔다. 또한 Pro, Business, Enterprise용 GPT-5.5 Pro도 함께 도입해 상위 요금제에서 더 강력한 모델 접근성을 확대했다.
https://x.com/OpenAI/status/2047376568809636017
#openai #gpt5.5 #rollout #chatgpt #codex
Show Original Post
sayzard (@sayzard@mastodon.sayzard.org)
OpenAI (@OpenAI)
OpenAI가 GPT-5.5를 공개했다. 복잡한 목표를 이해하고 도구를 사용하며 작업 결과를 점검해 실제 업무와 에이전트 운영에 적합한 새로운 지능형 모델로 소개됐다. ChatGPT와 Codex에서 바로 사용 가능해 개발자와 업무 자동화 사용자에게 중요한 출시다.
https://x.com/OpenAI/status/2047376561205325845
#openai #gpt5.5 #llm #agents #chatgpt
Show Original Post
webuser (@webuser@mastodon.social)
Not gonna lie this AI prompt pack is lowkey one of the best $2 I've ever spent. 50 prompts covering money, productivity, relationships, mindset — copy, paste, done. Link in case you want it 👉 https://huds0n.lemonsqueezy.com/checkout/buy/d75d5cb8-87df-4e18-829c-a763d1a0f926
#AI #AIPrompts #AITools #ProductivityHacks #LifeHacks #ChatGPT #SelfImprovement
Show Original Post
watch_impress (@watch_impress@rss-mstdn.studiofreesia.com)
OpenAI、GPT-5.5を公開 「任せる」知性を大幅向上
https://www.watch.impress.co.jp/docs/news/2104289.html
Show Original Post
kenjiai_tips (@kenjiai_tips@mastodon.social)
競合との違いを説明するとき、ChatGPTに「◯◯と△△の違いを営業担当が顧客に説明する文章」を書かせると整理が速い。自分では気づかなかった切り口が出てくることも多い。
詳しいプロンプト → https://note.com/kenji_ai_tips2/n/n3361b8a4a1cf
Show Original Post
denfaminicogamer (@denfaminicogamer@rss-mstdn.studiofreesia.com)
OpenAI、最新AIモデル「GPT-5.5」を発表。資料作成からPC操作、自律的なコーディング支援まで実務能力を大幅に強化
https://news.denfaminicogamer.jp/news/260424h
#denfaminicogamer #ChatGPT #Grezzz #OpenAI #ニュース #GPT_5_5
Show Original Post
donwebmedia (@donwebmedia@mastodon.social)
Tus chats con IA no son privados ante un juez
Un juez federal dictaminó que las conversaciones con Claude y ChatGPT no tienen privilegio abogado-cliente. Qué significa para vos y cómo protegerte en ...
https://blog.donweb.com/claude-federal-judge-chats-ia-privilegio-abogado/
#chatgpt #privilegioabogadocliente #iayderecho #privacidaddigital
Show Original Post
2026 (@2026@greenido.dev)
Using LLMs to Find Security Bugs: A Practitioner’s Playbook
TL;DR
LLMs won’t replace AppSec.
They will dramatically compress the search space.
If you use them right:
- Run multi-model analysis (Opus + GPT + Gemini)
- Structure prompts around attack surfaces, not “find bugs”
- Require PoCs or tests for validation
- Trust only cross-model consensus or reproducible exploits
If you don’t do this, you’ll drown in false positives.
Security research has always been asymmetric.
Attackers need one bug; defenders need zero.
Historically, scale worked against defenders.
LLMs start to rebalance that—not by magically finding zero-days, but by acting as a fast, always-on analyst that can:
- Read entire subsystems in seconds
- Connect logic across files
- Generate realistic attack paths
Used correctly, they don’t replace expertise—they let you spend it where it matters.
Used incorrectly, they produce confident nonsense.
This is a practitioner’s workflow that actually works.
Why LLMs Are Useful
Let’s be blunt.
They’re very good at:
- Cross-file reasoning (auth flows, data paths)
- Recognizing known vulnerability patterns
- Generating attack scenarios you didn’t think of
- Turning vague suspicions into concrete hypotheses
They’re bad at:
- Exhaustive coverage (although they are getting better and better. fast)
- Subtle timing bugs (race conditions, TOCTOU)
- Deep protocol-level vulnerabilities
- Knowing when they’re wrong
LLMs can help you find these “old bugs” on scale.
They generate good guesses at large scale.
Your job is to filter, validate, and exploit.
Rule #1:
If two models independently flag the same issue, pay attention.
If one model does, assume it’s wrong until proven otherwise.
The Real Architecture
Most people get this wrong. They treat LLMs like scanners.
Don’t.
Use this instead:
Static tools → Context builder → Multi-model reasoning → Validation
Deterministic layer
- Semgrep / CodeQL
- Dependency scanning (OSV/Snyk)
- Secret detection
Context builder (critical, often skipped)
Feed models:
- Changed files (not entire repo blindly)
- Call graph (who calls what)
- Auth boundaries
- Data flow (input → transformation → sink)
Multi-model analysis
- Gemini → wide context
- Opus → deep reasoning
- GPT → structured judgment
Validation layer (non-negotiable)
- Generate PoCs
- Run tests / fuzzing
- Score findings
If you skip validation, the system collapses.
The Four-Phase Workflow
Phase 1 — Recon & Attack Surface Mapping
Before looking for bugs, map where they can exist.
CategoryBest Model(s)TechniqueInjection (SQL/NoSQL/LLM)Gemini + ClaudePrompt for taint analysisAuthN/AuthZ flawsAll threeRole-play as attackerCryptography / SecretsGemini + ClaudeMultimodal + static rulesBusiness LogicGPT + GeminiChain-of-thoughtSupply-chain / DepsAllCross-reference with osv.devAPI / Rate-limit / SSRFGPTPayload generationSmart contracts (if .eth)ClaudeSlither + manual audit comboand you can use something like this prompt:
[SYSTEM] You are a world-class security researcher who has found 50+ CVEs and multiple bug-bounty $100k+ payouts. [CONTEXT] <entire file or relevant files> [ TASK ] Perform a deep security audit for <specific category, e.g., "IDOR, broken access control, race conditions">. 1. List every possible attack vector. 2. For each vector, give: - Likelihood (1-5) - Impact (1-5) - Exact vulnerable code snippet with line numbers - Proof-of-concept payload or curl command - Suggested fix (with secure code example) 3. Rank by risk score (Likelihood × Impact) Output ONLY in markdown table + code blocks. Currently the Best model: Gemini 3.1 Pro
(or the latest as this post will age quickly)
It handles massive context (1M tokens)—entire repos, specs, or docs.
What to extract:
- Entry points (HTTP, CLI, background jobs)
- Auth boundaries
- Trust zones
- Privileged operations
Then escalate to Claude Opus 4.7 (or the current latest as this post will age quickly) for deeper reasoning:
- STRIDE analysis
- Multi-step threat chains
Use GPT-5.4 (or… you know…) for:
- Dependency + CVE triage
- Protocol-level sanity checks
High-value output:
A structured map of:
entry point → trust level → reachable sensitive operations That map drives everything else.
Phase 2 — Automated Code Review == Highest ROI
This is where most value comes from.
But “review this code” is useless.
You need specialized passes.
Pass 1: Attack surface extraction
Map all entry points, auth checks, and trust boundaries. Return structured output only. Pass 2: Taint analysis (Opus)
Trace user input → transformations → sinks. Output: source → sink → vuln → severity Pass 3: Auth & access control (GPT)
Find IDOR, missing checks, role escalation paths. Focus on inconsistencies across endpoints. Pass 4: Injection paths
Trace input into SQL, shell, templates, deserialization. Flag only realistic exploit paths. Pass 5: Business logic abuse (Opus)
Assume a valid user. Find ways to break workflows, not systems. That last one is where LLMs outperform traditional tools.
Phase 3 — Exploit Research & PoC Generation
This is where things get interesting.
Once you have a possible bug:
Use GPT for payload generation
- WAF bypass variants
- Encoding tricks
- Edge cases
Use Opus for attack chains
- Multi-step abuse scenarios
- State manipulation
- Privilege escalation flows
Generate PoCs (critical step)
Generate a minimal reproducible exploit or test case. Then actually run it:
- API tests
- Integration tests
- Fuzzing harnesses
Outcome:
- Works → real vulnerability
- Doesn’t → discard
This step alone removes ~80% of the noise.
Phase 4 — Reporting & Remediation
LLMs are extremely useful here—if you keep them honest.
CVSS scoring (Opus)
Structured, consistent severity
Patch generation
Ask one model to fix it
Ask another model to break the fix
This “adversarial review” catches a surprising number of bad patches.
Reporting (GPT)
Turn raw findings into:
- Repro steps
- Impact narrative
- Fix recommendations
Multi-Model Strategy
Each model has a role:
- Gemini 3.1 Pro
Wide context, architecture awareness - Claude Opus 4.7
Deep reasoning, best for logic + data flow - GPT-5.4
Structured output, protocols, consistency
Simple rule:
- 2 models agree → high signal
- 1 model → treat as hypothesis
Scoring System (Prevents Noise Collapse)
If you don’t rank findings, this becomes useless fast.
Example:
Only escalate:
- ≥7 → must fix
- 4–6 → review
- <4 → ignore
Where This Works Best
High ROI targets:
- Authentication / RBAC
- Multi-tenant isolation
- Payments / credits
- File uploads
- Webhooks
- Internal APIs exposed externally
That’s where logic bugs live—and where LLMs shine.
What Not to Do
- Don’t run a single model
- Don’t scan the whole repo blindly
- Don’t trust “no issues found”
- Don’t optimize for volume
Optimize for real, exploitable findings.
Where This Is Going
The next step is obvious: agentic security systems.
LLMs that:
- Run scanners
- Launch fuzzers
- Generate hypotheses
- Validate them automatically
We’re not fully there yet—but close. Think about openClaw that run a few agents that doing these tasks 24/7.
The teams that build structured workflows now will have a massive advantage when that layer matures.
Good luck and be safe 👊🏽
Rate this:
#AgenticAI #AI #artificialIntelligence #chatgpt #cyber #cybersecurity #LLM #LLMOrchestration #OpenClaw #technology
Show Original Post
teknohaberi (@teknohaberi@mastodon.social)
OpenAI durdurulamıyor! 🚀 Sadece 1 ay sonra GPT-5.5 resmen tanıtıldı. Kendi planını yapan, daha az token harcayan ve şimdiye kadarki en sezgisel model yayında! 🤖 #OpenAI #GPT55 #ChatGPT #AI https://teknohaberi.net/gpt-5-5-tanitildi-openaidan-supriz/
Show Original Post