Cristi Vlad

Share this post

The Insider Weekly #9 - An Uninteresting Bug worth $800 | ChatGPT PRO | LLM Apps

cristivlad.substack.com

Discover more from Cristi Vlad

notes on AI, cybersecurity and life
Over 4,000 subscribers
Continue reading
Sign in

The Insider Weekly #9 - An Uninteresting Bug worth $800 | ChatGPT PRO | LLM Apps

Cristi
Feb 17, 2023
1
Share this post

The Insider Weekly #9 - An Uninteresting Bug worth $800 | ChatGPT PRO | LLM Apps

cristivlad.substack.com
Share

Ok, where do we start?

1,000 new people joined the newsletter. Welcome all y’all! In this weekly briefing, I’m including things I’ve been working on in cybersecurity and AI, interesting reads, and stuff from my personal life.

The TLDR for last week:

I’ve been more into AI than cybersecurity. I’ve completed two pentests for different clients and I’m currently working on another one. I usually do about 3 pentests per week so I had some spare time in my cyber work, which I devoted to private bug bounty programs on Intigriti and other platforms. I reported a vulnerability that was immediately triaged, accepted, and rewarded $800. It was an uninteresting bug, which I wrote about it on Twitter.

Twitter avatar for @CristiVlad25
🇷🇴 cristi @CristiVlad25
Story of an uninteresting bug. 👇
3:17 PM ∙ Feb 16, 2023
30Likes6Retweets

A larger chunk of my time has been devoted to AI and machine learning; more specifically to large language models (LLMs). I mostly focused on experimenting with different ways to process and store embeddings for collections of documents.

I’m building something that integrates AI into cybersecurity and this type of experimentation is crucial. I’ve had modest success using vector databases stored locally via FAISS indexing. And I also tried pinecone, which is a service optimized for the same purpose. If you don’t understand anything, let me briefly explain.

LLMs, such as GPT-3, can be used (among other things) to provide insights into data. Let’s say that I want to ask GPT-3 questions from a book. I give GPT-3 the text of the book, it learns it, then I can query it.

A step-by-step process for this would be (roughly):

  1. Save each chapter of the book as a text file.

  2. Preprocess it (chunk each text into smaller pieces, etc.).

  3. Use embeddings to create numerical representations for each piece and put them in a vector store.

  4. Query.

This is an extreme oversimplification (for insight). As I said, I’ve had some modest results, but eventually, I’ll be getting there. I’m learning a lot in the process and I find it very exciting and satisfying. I’ve also played in GCP with different functionalities that will help me further down the road with my something.

What’s also cool is that there are a lot of smart people working on similar projects at the same time and there’s at least one new implementation or alternative every day. Look up `chat over your data` and you’ll see what I’m talking about.

Langchain, GPT-index, and OpenAI are the heavy players in this project of mine; plus other dozens of smart people. Hopefully, I’ll have something up and ready to use in a month or so.


Have something to tell me? Reply to this email or comment below.


On another note, I found time to write a review of inigo.io, which is a platform for GraphQL management and security that changes the game for companies with GraphQL implementations. You can read it on my Medium blog.

I’m also closer to releasing my Recon in Cybersecurity course on the AppsecEngineer platform. This course has already been published on Udemy, it has 10,000 students and a 4.9 rating. However, what’s cool about the release on AppsecEngineer is that it will be accompanied by labs where you can practice what I teach in the course. Stay tuned.

If you decide to subscribe to AppsecEngineer you can use my code CRISTIVTAKE5 for 5% off the monthly plan, and CRISTIVTAKE10 for 10% off the yearly plan.


Notable mentions:

  • I subscribed to ChatGPT PRO. It helps me tremendously with my work in cybersecurity and AI.

    Twitter avatar for @CristiVlad25
    🇷🇴 cristi @CristiVlad25
    In my work in Cybersecurity and AI, #ChatGPT is probably one of the best monthly investments. With good prompting, I get straight answers. And I don't have to look through multiple Google results, which can be time-consuming and confusing.
    4:26 PM ∙ Feb 16, 2023
    25Likes2Retweets
  • I need to reemphasize: turning all phone notifications off has been a game-changer. I’m having large chunks of unperturbed work because of this. If you want to achieve something meaningful in your work/life, all notifications should be off (except calls/text messages). I can’t stress this enough. This doesn’t mean I don’t use my phone anymore. I check email and a few apps every 2-3 hours or less frequently. This way, I am the one in charge of my attention and not my phone.

  • Alongside elicit.org, consensus.app is becoming another great player in AI-powered scientific research. Their punchline: We use language models to surface expert answers from research papers.

  • I designed and published my first prompt on promptbase.com. It’s called Learn AI Algorithms. It got 2 sales so far. So, another business avenue has been validated. What’s a prompt you may ask? Learn more here.

    Twitter avatar for @CristiVlad25
    🇷🇴 cristi @CristiVlad25
    Now you can sell #ai prompts, something that didn't exist just a year ago. My first prompt is live @promptbase for $1.99
    promptbase.comLearn Ai Algorithms GPT-3 Prompt | PromptBaseThis prompt turns GPT3 into your engaging virtual teacher for AI algorithms. It explains, step by step, all the math behind the most important algorithms and it then shows you how to implement them in Python. I use this myself.
    8:26 AM ∙ Feb 13, 2023
    9Likes2Retweets
  • A 5 bullet point methodology for finding XSS.


That’s all for now. I’ll see you next week.

1
Share this post

The Insider Weekly #9 - An Uninteresting Bug worth $800 | ChatGPT PRO | LLM Apps

cristivlad.substack.com
Share
Comments
Top
New
Community

No posts

Ready for more?

© 2023 Cristian Vlad Zot
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing