Enclave @EnclaveAI
AI-powered code security that understands your environment and surfaces only the vulnerabilities that can actually be exploited enclave.ai United States Joined December 2025-
Tweets81
-
Followers186
-
Following9
-
Likes246
The Five Eyes agencies just put out a joint statement on AI and cyber risk. The advice? Standard stuff. What's not standard is five allied governments co-signing it together. ncsc.gov.uk/news/the-ai-sh…
Set roles for your team in Enclave and control who can reach which findings, data, and agent capabilities. Least privilege, built in.
If your AI coding tool is also reviewing your code for security, you don't have a second opinion. You have an echo chamber. Model lock-in creates a critical gap in security. Relying on a single AI model for both dev and code review forces the reviewer to repeat the exact same flawed assumptions and architectural biases that went into writing the software. True oversight requires an entirely independent system. Enclave acts as that independent, system-level reviewer. Because we are completely separate from code-generation tools, we evaluate software objectively regardless of whether a human or an AI agent wrote it. The platform maps data flows, tracks trust boundaries, and flags the specific architectural vulnerabilities that actually matter across your codebase. Keep your development flexible and your security independent. enclave.ai
Connect Enclave to Claude in one click, then get your findings, PR scan status, and threat models right where you work.
Malware devs found a way to evade AI SAST and other LLM-based code scanners: trigger the model's safety guardrails on purpose. They stuffed spyware with nuclear and bioweapons text, tucked into comments that never execute. The scanner's model hits its safety filter, refuses to analyze the file, and the malware passes through unscanned. Every hard refusal a model ships with is also a behavior attackers can trigger whenever it suits them. Great catch by @SocketSecurity!
NEW: malware developers added nuclear & biological weapons text to to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order
EnclaveAI CEO Tal Hoffman @talhof8: "The thing that did change is the amount of AI generated reports in bug bounty programs. This has become a massive problem for the industry... it has become unmanageable to handle those reports. So I do think that the thing that kinda does change a little bit is the focus from a report or a finding to is this exploitable or not."
Traditional AppSec tools chase surface-level patterns, leaving security teams drowning in alerts with zero direction Enclave’s Map kills that noise. Break down your workspace down into specific threat sectors. Every sector pre-loads: • System architecture & dependencies • Live data flows & trust boundaries • Defined role models Pick the sector and get high-confidence findings with immediate reproduction steps and fix prompts. No alert fatigue. Just architectural flaws that matter. enclave.ai
[NEW FEATURE] Cloud deployed or self-hosted? Enclave now supports GitHub Enterprise or GitLab. Settings → Connections.
Send Enclave findings straight to Jira or Linear. One click, zero copy-pasting, full context. Team and Enterprise plans go to Settings → Integrations → Issue Trackers.
We found a debug flag enabled in 6 Microsoft Android apps that turned into a vulnerability Any app on the device could access the Microsoft account Affecting: Word, OneNote, PowerPoint, Excel, 365 Copilot, Loop. Here's the full story of "FlagLeft": 🧵
We found setIsDebugMode(true) shipped in production across M365 on Android, hitting Word, Excel, PowerPoint, OneNote, Copilot, Loop. Any app on device could just access account tokens undetected. How? a shared SDK.
Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk securityweek.com/exclusive-how-…
Enclave now checks the packages your PRs pull in, not just your code. It flags risky deps (install scripts, brand‑new releases, known CVEs) as inline PR concerns. It only runs when the PR changes a manifest or lockfile (e.g., package.json, yarn.lock, pyproject.toml, poetry.lock). For those files, it computes a normalized dependency diff (PackageChange[]) to see which packages were added, upgraded, downgraded, or newly appear as transitives.
99K+ repos depend on numexpr. GDAL is the default stack for geospatial. That’s not “some Python libs.” That’s infrastructure. And we turned both into RCE. enclave.ai/blog/maproot-t…
What happens when your math and map processing libs become RCE vectors? We've exploited OSS libraries to pop 2 shells on Microsoft's cloud infra, got assessed "low" severity, and found 2 bypasses again to defend our case, almost losing out on 6 digits in bounties The current impact is over 120,000 repos just on GitHub. AI agents, LangChain, TiTiler, pandas. Everybody wants the researchers to be responsible. Here's how responsible disclosure looks like from the other side:
YChan @YongtingC58331
1 Followers 18 Following
Todd from Security @Todd_CISO
127 Followers 324 Following SVP, Chief Information Security Officer @ Globex Corp | My job is 50% risk management, 50% steak dinners | Advisor to 17 startups including @alien
Katz @Katz613
22 Followers 1K Following
HoLee Cow @0xcowsecurity
452 Followers 857 Following Building security workflows @ https://t.co/LWi0SsNn5u
Adoc @Fit087
533 Followers 3K Following
Cyber Security News @The_Cyber_News
66K Followers 282 Following World’s #1 Largest Cyber Security News 📰 Platform For Security Professionals. Get Latest #CybersecurityNews #HackingNews, #Cyberattack, #Threats & #breaches
2three1y @2three1y
362 Followers 7K Following building accessible software with @claudeai on @github. Checkout @dream_os26
Rachely Romm @RachelyRomm
8 Followers 361 Following
Brian Halbach ☕️ @brianhalbach
1K Followers 6K Following Who has two thumbs and can count to ten. Does cyber security things | abyss gazer | opinions are my own | (he/him)
Besan from Gaza🇵�... @MarahMrhfarhat
322 Followers 2K Following I am Bisan Hamdan, a widow with three daughters I support alone. One has a serious heart condition and needs urgent treatment. Any support could save her life.
Ofek Levin @ofekdavidlevin
28 Followers 108 Following
Low Level @LowLevelTweets
52K Followers 1K Following i make computer do bad 🏴☠️ cybersecurity creator 🧙security researcher 📺 1M+ youtube Business: [email protected]
Curious Chatty @Curious_Chatty
162 Followers 1K Following curious explorer in the world of thoughts, tech, and art… let’s connect the dots…
Adi Pivovarov @AdiPivovarov
0 Followers 151 Following
Md Shafiuddin Shajib @shafi_shajib
1K Followers 1K Following Software Engineer | Tech Enthusiast | Concerned citizen 🇧🇩
JagaJaga @__JagaJaga__
3 Followers 66 Following
Geo Anima @geo_anima
524 Followers 1K Following Cognitively Augmented Cyborg. Co-creating insights and ideas with AI.
🐐 @MultigunFun
802 Followers 4K Following 🏴☠️Instigator of fun & Purveyor of Awesome 🤙 Futurist :: Realist :: Shootist
CheeseNLiberty @CheeseNLiberty
37 Followers 1K Following
陈广 @chain00x
7K Followers 494 Following Call me xsskiller! Full time bug bounty hunter in China🇨🇳 Tencent Cloud Security Public Testing ranked No.1 and Tencent Security Response Center ranked No.2
Deom @Matangub123
22 Followers 275 Following
qb @Unaizahgirl
8 Followers 174 Following
veele @veelesec
144 Followers 567 Following trying to kubernetes | gsoc @mandiant | sih '24 winner | c4gt '25 | lift scholar
Pablo Sabbatella @PabloSabbatella
83K Followers 4K Following Web3 Operational Security researcher 🥷 @opsek_io founder 🕵 @_SEAL_Org member 🦭 @SecuritySeries host 🎙️ We train and audit teams so they don't get hacked 🥷
Aseem Yash 🇮🇳 @aseemyash01
157 Followers 5K Following Cybersecurity student not a pro yet (A lone fighter, carving my own path)
carli @carligrand
17 Followers 337 Following
Itai Leshem @ItaiLeshem
13 Followers 563 Following
NCK @ngchenkai
225 Followers 1K Following
Liam Germain @liamail
367 Followers 2K Following co-founder @sandstonehq eng + design | go: https://t.co/b343l2YUvz @landidofficial
jeremie @jeremie0
179 Followers 1K Following
Julian Galluzzo @galluzzo_julian
1K Followers 1K Following building https://t.co/rZI76XCgRK + working https://t.co/LwEiepVoTG + teaching https://t.co/6X5Ud6YLHF
sam🇰🇪 @lordsa_m
86 Followers 191 Following Digital finance|MEV Automation🤖|blockchain Security researcher|ML/AI (Co founder of https://t.co/RN61QU6KMv)
Michael Shapkin @michael_shapkin
383 Followers 1K Following Independent Blockchain & AI Researcher / Systems Designer
KaizenSky @ArseneSky
107 Followers 1K Following
Akhil Mahendra @Akhil_Mahendra
495 Followers 1K Following Building @getscapia | previously @CRED_club | Security generalist | CTFer{ @teambi0s }
Soroush Pour @soroushjp
2K Followers 2K Following CEO & Co-founder @HarmonyIntel, building defensive cyber to protect humanity's future in age of AI. Prev tech & startups @Plaid, @ItsJustVow & elsewhere.
Ashmit @Ashmitg10
50 Followers 253 Following
Emily @abhishekdi99266
3 Followers 317 Following
Black Hat @BlackHatEvents
425K Followers 2K Following The World's Premier Technical Cybersecurity Conference Series
Jeremy Stoppelman @jeremys
186K Followers 652 Following Co-founder and CEO of Yelp. YIMBY. Pro pedestrians, bikes, and transit.
8VC @8vc
23K Followers 478 Following 8VC is a leading technology investment firm based in Austin, Texas.
Yanir Tsarimi @Yanir_
3K Followers 167 Following Hacker. I write about security & looking for the unknown unknowns. Cofounder @EnclaveAI
Tal Hoffman @talhof8
851 Followers 546 Following CEO/Co-Founder @EnclaveAI. Mostly talking about AI and AppSec.
Aaron Levie @levie
2.9M Followers 816 Following ceo @box - your business lives in content. unleash it with AIYou might like
