The Insider Weekly #9 - An Uninteresting Bug worth $800 | ChatGPT PRO | LLM Apps
Ok, where do we start?
1,000 new people joined the newsletter. Welcome all y’all! In this weekly briefing, I’m including things I’ve been working on in cybersecurity and AI, interesting reads, and stuff from my personal life.
The TLDR for last week:
I’ve been more into AI than cybersecurity. I’ve completed two pentests for different clients and I’m currently working on another one. I usually do about 3 pentests per week so I had some spare time in my cyber work, which I devoted to private bug bounty programs on Intigriti and other platforms. I reported a vulnerability that was immediately triaged, accepted, and rewarded $800. It was an uninteresting bug, which I wrote about it on Twitter.
A larger chunk of my time has been devoted to AI and machine learning; more specifically to large language models (LLMs). I mostly focused on experimenting with different ways to process and store embeddings for collections of documents.
I’m building something that integrates AI into cybersecurity and this type of experimentation is crucial. I’ve had modest success using vector databases stored locally via FAISS indexing. And I also tried pinecone, which is a service optimized for the same purpose. If you don’t understand anything, let me briefly explain.
LLMs, such as GPT-3, can be used (among other things) to provide insights into data. Let’s say that I want to ask GPT-3 questions from a book. I give GPT-3 the text of the book, it learns it, then I can query it.
A step-by-step process for this would be (roughly):
Save each chapter of the book as a text file.
Preprocess it (chunk each text into smaller pieces, etc.).
Use embeddings to create numerical representations for each piece and put them in a vector store.
Query.
This is an extreme oversimplification (for insight). As I said, I’ve had some modest results, but eventually, I’ll be getting there. I’m learning a lot in the process and I find it very exciting and satisfying. I’ve also played in GCP with different functionalities that will help me further down the road with my something.
What’s also cool is that there are a lot of smart people working on similar projects at the same time and there’s at least one new implementation or alternative every day. Look up `chat over your data` and you’ll see what I’m talking about.
Langchain, GPT-index, and OpenAI are the heavy players in this project of mine; plus other dozens of smart people. Hopefully, I’ll have something up and ready to use in a month or so.
Have something to tell me? Reply to this email or comment below.
On another note, I found time to write a review of inigo.io, which is a platform for GraphQL management and security that changes the game for companies with GraphQL implementations. You can read it on my Medium blog.
I’m also closer to releasing my Recon in Cybersecurity course on the AppsecEngineer platform. This course has already been published on Udemy, it has 10,000 students and a 4.9 rating. However, what’s cool about the release on AppsecEngineer is that it will be accompanied by labs where you can practice what I teach in the course. Stay tuned.
If you decide to subscribe to AppsecEngineer you can use my code CRISTIVTAKE5 for 5% off the monthly plan, and CRISTIVTAKE10 for 10% off the yearly plan.
Notable mentions:
I subscribed to ChatGPT PRO. It helps me tremendously with my work in cybersecurity and AI.
I need to reemphasize: turning all phone notifications off has been a game-changer. I’m having large chunks of unperturbed work because of this. If you want to achieve something meaningful in your work/life, all notifications should be off (except calls/text messages). I can’t stress this enough. This doesn’t mean I don’t use my phone anymore. I check email and a few apps every 2-3 hours or less frequently. This way, I am the one in charge of my attention and not my phone.
Alongside elicit.org, consensus.app is becoming another great player in AI-powered scientific research. Their punchline: We use language models to surface expert answers from research papers.
I designed and published my first prompt on promptbase.com. It’s called Learn AI Algorithms. It got 2 sales so far. So, another business avenue has been validated. What’s a prompt you may ask? Learn more here.
That’s all for now. I’ll see you next week.