They are most likely using these as post-fact indicators and have automation they kicks in after a threshold is reached.

Now that the indicators have leaked, they will most likely be rotated.

Are you referencing the use of Claude subscription authentication (oauth) from non-Claude Code clients?

That’s already possible, nothing prevents you from doing it.

They are detecting it on their backend by profiling your API calls, not by guarding with some secret crypto stuff.

At least that’s how things worked last week xD

I’ve got an internal tool that we use. It doesn’t do the deterministic classifier, but purely offloads to an LLM. Certain models achieve a 100% coverage with adversarial input which is very cool.

I’m gonna have a look at that deterministic engine of yours, that could potentially speed things up!

So 27 individual implementations of this, as opposed to the current 27 different implementations of how to incorporate and assign equity?

Seems… silly?

I’m all for making it more attractive to create startups in the EU… But I don’t think a directive is the right way

A thing to consider would be to make it easier (or perhaps bake it in) to separate out parts of the app into a separate origin. Something that would be good for pretty much any SaaS app would be to separate the IAM out (could still embed it with an iframe) - this allows you to keep a fairly tight security policy for the IAM stuff and a more lax one for the rest of the app. Kinda how Google separates out accounts.google.com.

It was basically spawned out of the government needing help with investigating crypto - I think it was Mt. Gox…

Works great with commit hooks :P

Also working on a feature to recursively scan remote dependencies for lack of pins, although that doesn’t allow for fixing, only detection.

Very much alpha, but it works.

With the self-host option, it’s not really clear through the docs if one is able to override the base url of the different model providers?

I’m running my own OpenAI, Anthropic, Vertex and Bedrock compatible API, can I have it use that instead?

But thinking on it a bit more, from the LLMs perspective there’s no difference between the rule files and the source files. The hidden instructions might as well be in the source files… Using code signing on the rule files would be security theater.

As mentioned by another comms ter, the solution could be to find a way to separate the command and data channels. The LLM only operates on a single channel, that being input of tokens.

Your time is much better spend detecting or preventing compromise.

What does a seat entail? You talk about self serve (I love it!), but would the users that self-serve take up a seat? Or are seats just for the folks creating the modules?

The SDK discovery works great though :D

Downside is the 250ms latency. But then again, a fair amount of workloads can deal with 250ms of latency.

Love you blog, it’s nice to read something written by an actual human being nowadays. I keep several of you articles bookmarked for reference.