A walkthrough of how an LLM, wrapped in a tiered build-and-test harness, can take a Mythic C2 agent from a one-paragraph spec all the way to a deployed, working implant — and what that means for defenders relying on static signatures.
How LLMs Actually Work: A Transformer Internals Walkthrough
0xkato’s walkthrough of the mechanisms inside modern transformer-based LLMs — tokenization, embeddings, Rotary Position Embeddings, attention with Q/K/V and causal masking, multi-head attention and the move to Grouped-Query Attention, the feed-forward network as the stored-knowledge layer, Mixture of Experts, the residual stream + RMSNorm + pre-norm stack, and the next-token prediction loop with speculative decoding. By the end you can read a modern LLM model card and recognise which piece of the architecture each section is talking about.
Autonomous Vulnerability Hunting with MCP: Inside a Self-Improving 0-Day Pipeline
Andy Gill’s ZephrSec write-up of an autonomous vulnerability hunting system built around Claude Code and the Model Context Protocol: 8 MCP servers, 300+ tools, a 5-VM Proxmox hunt range, a four-gate hallucination bin, a FAISS-backed RAG knowledge loop, and a bounty-intelligence ROI scorer. Already produced two assigned Go standard-library CVEs (CVE-2026-33809 in x/image/tiff, CVE-2026-33812 in x/image/font/sfnt), a four-stage OEM update-service chain ending in SYSTEM code execution on Windows 11 25H2, and two macOS findings, with multiple Windows LPEs/RCEs/UAFs in progress. Faithful walkthrough with all source assets reproduced.
From Prompt to Pwned: Chaining LLM and Web Bugs into Admin Takeover
A Quarkslab red team exercise stitches insecure LLM output handling, missing cookie flags and a conversation-sharing IDOR into a single-click admin account takeover — a reminder that LLM-integrated apps still die from boring web bugs once you treat the model output as untrusted HTML.
CuSafe — Catching Memory Corruption on Commodity NVIDIA GPUs (USENIX Security ’26)
CuSafe is a GPU memory sanitizer for off-the-shelf NVIDIA hardware. It combines pointer tagging with in-band buffer bounds via an LLVM 21 transform pass, ships in a 2 964–line implementation, catches every spatial and temporal bug in the authors’ 33-program test suite, and incurs an average 13% slowdown on 44 GPU workloads — including LLaMA2-7B and LLaMA3-8B inference — against compute-sanitizer’s 15× baseline.
AI vs Reverse Engineering: How Claude Helped Find a radare2 0-Day
Researchers used Claude AI to discover a command-injection 0-day in radare2. A crafted PDB symbol name allowed arbitrary command execution when a binary was analyzed, showing the power of AI-assisted vulnerability discovery.
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
Researchers showed that the Claude AI model could generate a working exploit for a FreeBSD kernel vulnerability (CVE-2026-4747), producing a remote root shell by building a stack overflow and ROP chain with minimal human guidance.






