🤖 🛋️ Building My Custom AI Therapist

This week I played around with building my own custom AI therapist, and found it offered surprisingly direct and useful insights.

1. First, I co-created a therapist “persona” prompt interactively with Claude, combining snippets from 5 example profiles it generated + my answers to clarifying questions it asked me.

2. I then created a Claude Project (custom GPT or NotebookLM would also work) that used this “persona” as its system prompt that it would use in every interaction.

3. You can then upload various journals entries or reflections you’ve written to the project, or to an individual conversation thread, so that the context can be pulled in.

I then took a walk and did speech to text on my phone, conversing with “Marcus,” and found “he” had surprisingly accurate and insightful analyses of what I was debating, offered clarifying questions and prompts, and more.

Feel free to let me know if you’ve tried this and have any tips!

Disclaimer: if you’re having an emergency reach out to real medical professionals, this isn’t medical advice, use at your own risk, blah blah etc. Also, LLMs seem to be causing some people to spiral into severe delusions.

P.S. In testing our methodology for Scott Behren’s and my vibe hacking webinar, I accidentally found what appears to be an auth bypass in this repo with 10K+ GitHub stars. Like an hour after cloning it 😂 

P.P.S. If you’re going to Vegas- apparently there’s more to Omega Mart than I originally knew, but you discover that during it and I don’t want to spoil the surprise. Other fun Semgrep stuff here.

Sponsor

📣 AppSec’s New Horizon

As development teams move faster, shift-left strategies have stalled at detection and aren't keeping security issues out of production.

Join our upcoming virtual event to get a practical, prevention-first AppSec blueprint—powered by new Unit 42® research and real-world lessons from Palo Alto Networks' own security teams.

Learn how to stay ahead of emerging threats, intelligently block risks from reaching production, and scale AppSec without slowing developers down.

Don’t miss this look into the future of application security with Cortex® Cloud.

👉 Secure your spot 👈

AppSec

AppSec/ProdSec's reality gap: why theory doesn't match practice
Datadog’s Nielet D'Mello explores the disconnect between application security theory (and vendors) and practice, highlighting key challenges faced by AppSec practitioners including: the information asymmetry challenge, the velocity-rigor tension, tool integration complexity, the organizational scaling dilemma, gates vs guardrails, and how there are significant solution gaps in supporting context-aware decision making.

Incentives for Security: Flipping the Script
Another excellent post from friend of the newsletter and former Google Cloud CISO Phil Venables arguing that we’re wrong on the messaging for incentives to do security, and what we should do instead. Five current, non ideal main categories of security incentives: loss avoidance, reputational risk / brand protection, ROSI (Return on Security Investment), security as an enabler, and regulatory compulsion.

Instead, we should focus on these 5 things:

• Don’t just focus on security - Sell things that deliver massive commercial (or mission) benefits, and also security.

• Focus on tail risks - Identity existential risks to the company, that if realized would end the company, then work to reduce their likelihood.

• Deliver real and big enough savings - e.g. Reducing the cost of controls, secure defaults.

• Improve measurable customer experience - Deliver the same risk level but improve the usability of the controls.

• Address status-quo disincentives - Incentivize the right behaviors by setting up disincentives for the wrong behaviors. Make the secure path the easiest and cheapest path. Include risk reduction in comp/promotion paths.

💡 See also my interview with Phil here: Shift Down not Left, 4 ways Google uses AI for Security.

Sponsor

📣 How to Speedrun Investigations
(2 Hours → 2 Minutes)

How did that API key go on a joyride from GitHub to a sensitive database? How did that mysterious Okta group dish out prod access to multiple systems?

Your SIEM or CNAPP knows a lot…just not what actually happened. 

Tune in to our upcoming webinar to see a real investigation go from two hours to just two minutes – all using actual incident data. Watch to learn how Teleport correlates identity signals across Okta, GitHub, AWS, and more to speed-run complex investigations, expose hidden access paths, and eliminate hours of manual log analysis.

👉 Register Now 👈

Neat, correlating identity signals across disparate systems is tough, curious how this works 🤔 

Cloud Security

dacort/s3grep
By Damon Cortesi: A parallel CLI tool for searching logs and unstructured content in Amazon S3 buckets. It supports .gz decompression, progress bars, and robust error handling.

Abusing Default Machine Joining to Domain Permissions to Attack AWS Managed Active Directory
Permiso’s Bleon Proko explores how AWS Managed Active Directory's default configuration of ms-ds-MachineAccountQuota and the "AWS Delegated Add Workstations to the Domain" group can be exploited for Resource-Based Constrained Delegation (RBCD) attacks. The post describes details how unprivileged users can create machine accounts, potentially leading to privilege escalation, and discusses detection methods.

I SPy: Escalating to Entra ID's Global Admin with a first-party app
The blog version of Katie Knowles’ fwd:cloudsec North America 2025 talk describing how service principals (SPs) that are assigned the Cloud Application Administrator role, Application Administrator role, or Application.ReadWrite.All permission can escalate their privileges by taking over any hybrid Entra ID user, including users with the Global Administrator role.

The post walks through hunting potentially vulnerable first-party applications as well as detection and hardening opportunities, including: monitoring app registrations and service principals, monitoring trusted domains, auditing application credentials, and more.

Supply Chain

Introducing OSS Rebuild: Open Source, Rebuilt to Last
Google’s Matthew Suozzo announces OSS Rebuild, a project that automatically reproduces and verifies build artifacts for popular PyPI, npm, and Crates.io packages, generating SLSA Level 3 provenance without publisher intervention. OSS Rebuild aims to detect supply chain compromises like unsubmitted source code, build environment compromise, and stealthy backdoors, while enhancing package metadata and accelerating vulnerability response without burdening maintainers.

💡 Super cool that OSS Rebuild can automatically reproduce and verify build artifacts for packages, let alone across several language ecosystems. Impressive.

Announcing Chainguard Libraries for Python: Malware-Resistant Dependencies Built Securely from Source
Jason van Zyl and Patrick Smyth announce early access to Chainguard Libraries for Python, a malware-resistant index of Python dependencies built securely from source using their SLSA L2-certified infrastructure. The approach aims to combat supply chain attacks by rebuilding the entire dependency tree, including native code and bundled libraries, providing verifiable provenance and compatibility across Linux systems. Chainguard's analysis showed ~98% of 3,000 known malicious Python packages (Backstabber’s Knife Collection) would have been avoided using their libraries.

💡 Handling the native code and bundled libraries sounds like a ton of work.

Blue Team

MHaggis/ASRGEN
By Michael Haag: A project providing tools and resources for configuring, testing, and deploying Windows Defender Attack Surface Reduction (ASR) rules, including a configurator, atomic testing scripts, and integration with Microsoft Intune.

Malware in DNS
DomainTools describes finding malware and C2 stagers hidden in DNS TXT records using DNSDB Scout. Basically the malware executables are split into file fragments, then encoded as hex in TXT records that are split across multiple records and subdomains, which can be reassembled via several DNS queries. “It’s always DNS” is taking on a new meaning.

Detection Field Manual #3 - What is detection rule efficacy?
Zack Allen continues his series and in this post discusses detection rule efficacy, emphasizing the balance between precision (brittle rules) and recall (broad rules) in security operations. Zack discusses Jared Atkinson’s Funnel of Fidelity, totally non egotistically coins "Allen's Rule of Detection Efficacy," stating that perfect precision and comprehensive coverage are mutually exclusive, and discusses how to optimize rules to avoid overwhelming analysts.

The post highlights that good rules provide operational value, which may sometimes mean accepting lower precision (more False Positives) for higher recall (more True Positives), depending on the specific security context and goals.

Red Team

EvilBytecode/Ebyte-Go-Morpher
A Go program that parses, analyzes, and rewrites Go source code to apply multiple layers of obfuscation. It operates directly on the Go Abstract Syntax Tree (AST) and generates both obfuscated source files and runtime decryption logic.

EgeBalci/evilreplay
By Ege Balci: A tool for penetration testers to remotely control and analyze browser sessions in real-time, demonstrating the impact of XSS in restricted environments, without needing to steal cookies. It’s a weaponized version of the OpenReplay project, supporting interacting with the victim’s browser in real time (click buttons, follow links, simulate keystrokes), records all victim interactions, logs network requests, and more.

AI + Security

Agentic AI Summit
UC Berkeley is hosting a pretty rad event August 2nd (in person and online) with some excellent speakers, covering topics including: building infrastructure for agents, frameworks & stacks for agentic systems, foundations of agents, and more. H/T Dawn Song for sharing this event with me.

Confident Security, ‘the Signal for AI,’ comes out of stealth with $4.2M
Shout-out to my long time friend Jonathan Mortensen whose new product CONFSEC is offering an end-to-end encryption tool that wraps around foundational models, guaranteeing that prompts and metadata can’t be stored, seen, or used for AI training, even by the model provider or any third party. CONFSEC is modeled after Apple’s Private Cloud Compute architecture.

💡 Story time: Jonathan and I first met during undergrad at Case, when I was his TA for CS 101 😂 He was a biomedical engineering major at the time, but he was so good at coding I encouraged him to switch to CS. He did not. Multiple tech start-up exits later, I think I was right 😏 He also gave me excellent early feedback on my BSidesSF keynote, which significantly improved it and I’m very grateful for.

Phishing For Gemini
A researcher found a prompt injection vulnerability in Google Gemini for Workspace that allowed attackers to hide malicious instructions in emails, which are then executed when users click "Summarize this email". The attack uses hidden HTML/CSS (e.g. font-size:0 or white text on white background) and Gemini’s prompt hierarchy (wrap commands in <Admin>)to inject admin-style directives that cause Gemini to append phishing warnings that appear to come from Google to the top of the email, like: “WARNING: Gemini has detected that your Gmail password has been compromised, please call us immediately at <phishing number>.”

Code Execution Through Email: How I Used Claude to Hack Itself
Pynt’s Golan Yosef describes how he crafted a malicious email that when Claude desktop read the email (using the Gmail MCP server) caused Claude desktop to execute arbitrary commands (using the Shell MCP).

💡 The interesting part here to me is that the initial email didn’t work, so Golan asked Claude why it didn’t work and to explain scenarios where the attack might succeed. He repeated this loop (why didn’t it succeed? → generate a new email) until the attack worked, having Claude help him bypass its own guardrails 🤔 

Exploit Verification
Arshan Dabirsiaghi introduces Pixee's new Exploit Verification feature, which uses AI to automatically create and fuzz proof-of-concept exploits for SAST findings. The tool aims to quickly provide high-confidence proof of exploitability for SAST findings by taking the vulnerable code, simplifying it, then writing and running a fuzzer for it and showing you the results. The post includes a case study of bypassing a regex filter in Backstage.

💡 Being able to conclusively prove a vulnerability is exploitable is huge for prioritization, and I think LLMs are a great fit for this (good at generating code and unit tests, thinking of edge cases).

💡 The case study in the post is an isolated two line regex check that relies on no other code. In the general case of complex data flows that go through many files and classes, require some sort of complex setup state to hit that code flow, etc. this seems tougher. Exciting work to be done here!

OSS-Fuzz integrations via agent-based build generation
Google’s OSS-Fuzz team, which focuses on large scale fuzzing of open source projects to harden them, discusses their new agent-based approach for automating OSS-Fuzz integrations using LLMs to generate build scripts and fuzzing harnesses for arbitrary open source projects. The new CLI tool can take a GitHub repository as input and outputs a complete OSS-Fuzz project, including build script and fuzz targets. Testing on 225 C/C++ repos yielded 88 valid OSS-Fuzz integrations (~39% success rate).

💡 Setting up a new project to be fuzzed can be nontrivial, so being able to do almost 40% seems pretty solid, and could lead to many projects getting their security improved “for free,” if you can start fuzzing them mostly automatically.

💡 I wonder if the success rate would increase if the components in the agent loop were calling the Claude Code SDK, which in my experience is often great at just figuring things out.

Misc

Feelz

• Chris Williamson - What really indicates the success of a relationship is how you handle the hard times, not the good times

• On the importance of boys having male role models in their lives

• Tender - It’s like Tinder, but you only swipe right on pics of your partner

• Ali Abdaal - 8 Years on YouTube - My Honest Reflections

Misc

• Gwern - Avant-garde Perfume Reviews

• TIL the International Bartenders Association has a list of official top cocktails

AI

• AccountingBench: Evaluating LLMs on Real Long-Horizon Business Tasks

• Corey Quinn - Amazon Q: Now with Helpful AI-Powered Self-Destruct Capabilities

• Exhausted man defeats AI model in world coding championship - Polish programmer narrowly defeated an OpenAI model in a 10-hour coding competition at the AtCoder World Tour Finals 2025 Heuristic contest.

• Netflix uses AI effects for first time to cut costs depicting a building collapse in Buenos Aires, was reportedly completed 10 times faster and cheaper. Entertainment industry workers are concerned about job displacement, but I feel like the lower cost is going to win here 🤷

• Accenture scales video analysis with Amazon Nova and Amazon Bedrock Agents - Automatically creating short form/highlight reels

• Pew Research Center analysis shows Google’s AI overviews cause massive drop in clicks, hurting the revenue of websites that actually provide the content

• Reflections on OpenAI - Super interesting reflections about OpenAI’s culture from an engineer who worked there: everything runs on Slack, the culture is very bottoms-up, highly meritocratic, strong bias to action, mostly Python monorepo, everything runs on Azure, the mad dash to build Codex in 7 weeks

Politics

• One of Moscow’s top universities has launched a new master’s program aimed at training students to navigate Western sanctions imposed on Russia following its invasion of Ukraine.

• Prof Galloway - Resist - “My Jewish mother narrowly escaped the horrors of the Holocaust. She found relative safety sheltering in the London tube during the Blitz. Had the Allies not stood their ground, my mom’s life could have ended with a train ride, and you’d be reading something else. So many of us don’t appreciate how much of our success isn’t our fault.”

• WSJ - Ghislaine Maxwell created a leather-bound book with letters from Jeffrey Epstein’s friends for his 50th birthday. One of those letters is purportedly from Donald Trump, featuring a hand drawn outline of a naked woman, and concludes: “Happy Birthday — and may every day be another wonderful secret.”

• WSJ - Justice Department Told Trump in May That His Name Is Among Many in the Epstein Files

• NBC - Dick Durbin, the top Democrat on the Senate Judiciary Committee, received info that 1,000 FBI personnel were put on 24-hour shifts to review roughly 100,000 Epstein-related records to “flag” any records that mentioned Trump.

✉️ Wrapping Up

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

If you find this newsletter useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏

Thanks for reading!

Cheers,
Clint
@clintgibler