Blog post on how prompt injection attacks are becoming more like social engineering and how we can design AI agents to be more resistant to them.

Blog post summarising a fully sandboxed mode for chatgpt which mitigates impacts from Prompt Injection.

Paper describing the mechanism OpenAI products such as ChatGPT use to detect when an AI is communicating non-public data.

Blog post summarising paper describing the mechanism OpenAI products such as ChatGPT use to detect when an AI is communicating non-public data.

Overview of OpenAI’s approach to prompt injection

Article on common security misconceptions around CORS.

Google research; exploit to remotely take over VSCode and any attached cloud systems. CVE-2022-41034, GHSA-pw56-c55x-cm9m

Bypassing cutting-edge web security techniques to hack Apple ID.

Vulnerability to remotely access Steam users' computers.

Technical writeup & disclosure of a 1-click attack on the Steam, the world’s largest gaming platform, allowing remote access to users’ computers.

Article on an Übersicht form-post bug that let any website control users’ computers, and using Spotify's certificate design to explain why localhost web services are a weak application-security boundary.

CSP1 information leak allowing efficient deanonymisation of internet users.

Vulnerability allowing manipulation of UK tax system.

Unauthorized remote shutdown of Buffalo-made network attached storage devices.

Vulnerability in php-openid allowing an attacker to log in as any user.

Exploit using content security policy 1 to steal data on the web

Talk with Adrian Spânu on the present and future of prompt injection. One of the most attended talks at the conference. Q&A lasted for 2 hours.

Panel representing OpenAI at the AI Agent Security summit at the Commonwealth Club of San Francisco.

Technical talk at offensive AppSec conference summarising through example research into hybrid web / desktop application security

Talk at Game Dev Days 2018 in Graz, Austria summarising some security concepts for game developers.

Talk at OWASP about critical UK tax system flaw in obfuscated system and the 57 day trek to get it fixed.

Talk at DEF CON by Sonar R&D including original research into VSCode security, reflecting on my own prior art CVE-2022-41034 (not my talk).

News coverage of Steam vulnerability allowing remote access to users’ computers.

News post on manipulation of UK tax data.

Remote code execution in website for TV show “Mr. Robot” allowing attacker to control the website server.

Code execution vulnerability in website for TV show “Mr. Robot”.

Padding oracle based attack allowing full decryption of traffic on Steam, the world’s largest gaming platform.

The highest award given by the world's largest hacker convention. Awarded for the HackFortress CTF.

Hybrid CTF / esports competition winners.

Defended title for hybrid gaming CTF / esports competition.

Award for my work on UK government vulnerability disclosure policy and my responsible disclosure of vulnerabilities in the UK tax system.

Hybrid CTF / esports competition winners.

For my work at Twitch, and on responsible disclosure.

Unique developer granted cosmetic item for the video game Team Fortress 2 granted for security issue allowing decryption of all Steam traffic.

Unique developer granted cosmetic item for the video game Team Fortress 2 granted for security issue disclosures allowing remote access to computers running the video game.

Unique developer granted cosmetic item for the video game Team Fortress 2 granted for security issues allowing movement millions of dollars of virtual items between arbitrary accounts via account takeover.

Prize from national hackathon for young people.