Busy week! AI, AI, AI and the death of Flash!
Semgrep released a set of agent skills worth looking into: Semgrep's Agent Skills.
You may think "just another MCP bug", but this post is actually worth reading: Shaking the MCP Tree: A Security Deep Dive.
This quote sums it up: "Opus 4.6 is notably better at finding high-severity vulnerabilities than previous models": Evaluating and mitigating the growing risk of LLM-discovered 0-days.
If you are working on an "LLM-based hacker", you are going to want to read this: Co-RedTeam: Orchestrated Security Discovery and Exploitation with LLM Agents.
Promptfoo is a neat tool to add to your red teaming arsenal: An introduction to automated LLM red teaming.
A great post on how to scale tooling for agents: Scalable research tooling for agent systems.
That's something I toyed with in 2012 (Monitoring repositories for Fun and Profit - Ruxcon 2012); I used basic rules at the time. Obviously, having LLMs is a game changer for this kind of workload: Discovering Negative-Days with LLM Workflows.
The story of the death of Adobe Flash, a must-read for AppSec practitioners: What Really Killed Flash Player: A Six-Year Campaign of Deliberate Platform Work.