2nd Sight Lab

I noticed the person who suggested I was drinking when I posted these trying to figure out what was wrong with Opus 4.6 has deleted his comment. 😁 Some of us have spidey sense from doing this way too long. I provided a bunch of feedback to Anthropic on X as well. When you know you know. Glad they fixed it.

Reducing Token Burn Rate With A Well-Designed Architecture
Trying to put out the AI token fire - or at least manage it as a controlled burn by using deterministic scripts for gathering inputs and directing agents

Reducing Token Burn Rate With A Well-Designed Architecture Trying to put out the AI token fire - or at least manage it as a controlled burn by using deterministic scripts for gathering inputs and directing agents

How I Use AI for Pe*******on Testing. Presentation at the AWS Security Community Day at the Computer History Museum on YouTube

AWS Community Day How I Use AI for Pe*******on Testing [Advanced] - Teri Radichel

Anthropic Mythos ~ Anthropic released a new model they claim is scary good at finding security vulnerabilities. What questions should we be asking?

This is not a hot take. I’m just pondering how much we can trust a model, the purported ROI, and how we can evaluate the risk of relying on it.

Anthropic Mythos Anthropic released a new model they claim is scary good at finding security vulnerabilities. What questions should we be asking?

I’ve added links to my presentation on how I use AI 🤖 for pentesting 😈 in this post. Most of the slides have a related blog post and I’ll probably write more about all these topics as I research this further. The PDF has links to related posts.

https://teriradichel.substack.com/p/how-i-use-ai-for-penetration-testing

🤖🤖🤖🤖🤖🤖🤖🤖🤖🤖🤖🤖
Pentesting is not a scanner or a fuzzer - whether SAST, DAST, AI, deterministic or non-deterministic. Pentesting is a human * using those tools * to see if they can find a security problem that your teams and tools may have missed.
🤖🤖🤖🤖🤖🤖🤖🤖🤖🤖🤖🤖

I read all the Mythos hype right after I submitted my talk for today at the Computer History Museum. Did I need to change my slides? Nope.

How I Use AI for Pe*******on Testing Speaking at the Computer History Museum in Mountain View, CA April 10, 2026

Wonder if this has anything to do with performance degradation of anthropic models. But are you now paying more for same effort you were getting previously if you change this?

• Default Shift: In March 2026, users on Reddit and developer forums reported that the default was quietly shifted from high to medium for many subscribers, which explains the sudden change in performance.

Need to check this out later. Flying out to speak at AWS Community Day in Mountain View.

FBI: Americans lost a record $21 billion to cybercrime last year

FBI: Americans lost a record $21 billion to cybercrime last year U.S. victims lost nearly $21 billion to cyber-enabled crimes last year, driven primarily by investment scams, business email compromise, tech support fraud, and data breaches, the Federal Bureau of Investigation says.

I was just listening to an interview on the radio with a person who worked at a hospital.

1. Your cyber insurance makes you a target. They know how much you can pay.

2. Don’t use your backups until you have eliminated the attacker or they will encrypt your backups too.

3. Pull the plug until you figure that out and cut them off (except critical patient machines). The hospital in story I was listening to had people running across the hospital when faxes were overused and started smoking.

4. They got in because the hospital was running out of date software and one person clicked a link about a bonus. (And apparently no network segregation?)

Hospital was down and patients needing cancer treatment had to drive over a mountain to nearest hospital so oncology was first restored.

Was part of a wave of attacks on rural hospitals during Covid.

I believe the ransomware was Medusa but I thought they said was attributed to Russia. Attribution is difficult. You might not really be sure, especially with AI.

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware Storm-1175 exploits 16+ CVEs since 2023, including zero-days, enabling rapid Medusa ransomware attacks within 24 hours.

How I Use AI for Pe*******on Testing

Speaking at the Computer History Museum in Mountain View, CA April 10, 2026

How I Use AI for Pe*******on Testing Speaking at the Computer History Museum in Mountain View, CA April 10, 2026