Hacker News: niros_valtos

New comment by niros_valtos in "Anthropic's open-source framework for AI-powered vulnerability discovery"

niros_valtos — Fri, 05 Jun 2026 01:02:09 +0000

I think that the cost of Opus is already prohibitively expensive, so not sure how that would compare to Mythos. Check this calculator- it shows that a company with 100 devs can hit ~2.5M cost on tokens annually, which is wild! https://ai-cost-calculator.arnica.io

New comment by niros_valtos in "Open source project contains hidden instruction for "AI" agents: delete my code"

niros_valtos — Tue, 02 Jun 2026 14:36:51 +0000

This is the supply chain problem climbing up a layer. We spent a decade learning not to pipe random scripts into a shell, and now agents will happily read a repo's files as instructions. Better detection of malicious comments will not fix it. An agent reading a file should never treat the contents as commands, the same lesson SQL injection taught, relearned for LLMs.

New comment by niros_valtos in "Vibe Coding Is Not Engineering"

niros_valtos — Sun, 31 May 2026 17:59:05 +0000

The line I'd draw is accountability: who owns it in prod at 3am. Vibe coding is fine for throwaway and prototypes, and it becomes a problem when the prototype quietly turns into the system and nobody can explain how it works. Don't get me wrong, there is a room for production systems coded completely with AI, it just needs to be more thoughtful in the way it is done.

New comment by niros_valtos in "Ask HN: How is your org managing PR review load as AI multiplies code output?"

niros_valtos — Sun, 31 May 2026 17:54:38 +0000

We hit this too, and what helped wasn't more reviewers. We pushed the trivial checks (style, obvious bugs, secret and other deterministic scanning) onto automation so humans only look at intent and design, and the trap to avoid is letting AI both write and "review" the code, since you want the review signal independent of what generated it. There is another way we are experimenting these days too - building a gauge of how much a human in the loop is needed based on our confidence on the changes AI analyzes.

New comment by niros_valtos in "Making frontier cybersecurity capabilities available to defenders"

niros_valtos — Sat, 21 Feb 2026 01:21:17 +0000

Definitely not a surprise they ship it. This is manageable for a small subset of repos scanned once. Reality is that code changes frequently and such rescans are expensive especially with thinking models. You can open a PR too, but then there are other missing workflows as rebasing when there are conflicts, finding the devs with the right expertise to review/test the fix, etc. bottom line - I see it is an interesting research tool but not more than that.

Opengrep – A Fork of Semgrep

niros_valtos — Thu, 23 Jan 2025 15:25:09 +0000

Article URL: https://pulse.latio.tech/p/announcing-opengrep

Comments URL: https://news.ycombinator.com/item?id=42804916

Points: 13

# Comments: 3

Show HN: Semgrep rule to identify malicious Python code

niros_valtos — Thu, 07 Mar 2024 12:58:40 +0000

Article URL: https://gist.github.com/nir-valtman/a4f743dc0570b68ab20743b2123b65ac

Comments URL: https://news.ycombinator.com/item?id=39628526

Points: 2

# Comments: 0

Show HN: Semgrep Rule That Identifies GitHub Repo Confusion Attack IOCs

niros_valtos — Thu, 07 Mar 2024 01:35:10 +0000

Article URL: https://www.arnica.io/blog/malicious-code-campaign-on-github-repos

Comments URL: https://news.ycombinator.com/item?id=39624094

Points: 2

# Comments: 0

Cellular Outage Caused by Cyber Attack? Speculations on Social Media

niros_valtos — Thu, 22 Feb 2024 14:23:43 +0000

Article URL: https://www.ibtimes.sg/cyber-attack-causes-major-cellular-outage-speculations-social-media-t-verizon-t-mobile-users-73556

Comments URL: https://news.ycombinator.com/item?id=39467480

Points: 3

# Comments: 0

New comment by niros_valtos in "Ask HN: Create PR from GitHub Desktop?"

niros_valtos — Tue, 13 Feb 2024 01:30:19 +0000

Download the GitHub CLI. Run ‘ gh pr create’. Good luck!

New comment by niros_valtos in "Show HN: Loz – Automate Git Commit Messages with LLM"

niros_valtos — Sun, 11 Feb 2024 17:15:11 +0000

This is great! Github Copilot used to summarize our PRs - I think it can work perfectly as a Github workflow to add comments to newly opened PRs. Can be a nice experiment to use multiple models and compare the comments to determine what works better.