🐦 Twitter Post Details

Viewing enriched Twitter post

@jsrailton

NEW: malware developers added nuclear & biological weapons text to to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky. When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit. We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted. In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation. H/T to colleagues that shared this with me https://t.co/f3Aj9TYxU4

Media 1
Media 2

📊 Media Metadata

{
  "media": [
    {
      "url": "https://crmoxkoizveukayfjuyo.supabase.co/storage/v1/object/public/media/posts/2064661778978533571/media_0.jpg",
      "media_url": "https://crmoxkoizveukayfjuyo.supabase.co/storage/v1/object/public/media/posts/2064661778978533571/media_0.jpg",
      "type": "photo",
      "filename": "media_0.jpg"
    },
    {
      "url": "https://crmoxkoizveukayfjuyo.supabase.co/storage/v1/object/public/media/posts/2064661778978533571/media_1.jpg",
      "media_url": "https://crmoxkoizveukayfjuyo.supabase.co/storage/v1/object/public/media/posts/2064661778978533571/media_1.jpg",
      "type": "photo",
      "filename": "media_1.jpg"
    }
  ],
  "processed_at": "2026-06-11T22:45:31.638619",
  "pipeline_version": "2.0"
}

🔧 Raw API Response

{
  "type": "tweet",
  "id": "2064661778978533571",
  "url": "https://x.com/jsrailton/status/2064661778978533571",
  "twitterUrl": "https://twitter.com/jsrailton/status/2064661778978533571",
  "text": "NEW: malware developers added nuclear & biological weapons text to to their spyware.\n\nGoal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner.\n\nCleanest practical example I can think of for why over-indexing on first order safety alignment is risky.\n\nWhen closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit.\n\nWe are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted.\n\nIn the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation.\n\nH/T to colleagues that shared this with me https://t.co/f3Aj9TYxU4",
  "source": "Twitter for iPhone",
  "retweetCount": 2048,
  "replyCount": 216,
  "likeCount": 11995,
  "quoteCount": 345,
  "viewCount": 1438832,
  "createdAt": "Wed Jun 10 10:51:42 +0000 2026",
  "lang": "en",
  "bookmarkCount": 4348,
  "isReply": false,
  "inReplyToId": null,
  "conversationId": "2064661778978533571",
  "displayTextRange": [
    0,
    279
  ],
  "inReplyToUserId": null,
  "inReplyToUsername": null,
  "author": {
    "type": "user",
    "userName": "jsrailton",
    "url": "https://x.com/jsrailton",
    "twitterUrl": "https://twitter.com/jsrailton",
    "id": "243032876",
    "name": "John Scott-Railton",
    "isVerified": false,
    "isBlueVerified": true,
    "verifiedType": null,
    "profilePicture": "https://pbs.twimg.com/profile_images/1648379486688231453/Wfi5gqVC_normal.jpg",
    "coverPicture": "https://pbs.twimg.com/profile_banners/243032876/1765673706",
    "description": "",
    "location": "",
    "followers": 165405,
    "following": 2864,
    "status": "",
    "canDm": true,
    "canMediaTag": false,
    "createdAt": "Wed Jan 26 04:10:38 +0000 2011",
    "entities": {
      "description": {
        "urls": []
      },
      "url": {}
    },
    "fastFollowersCount": 0,
    "favouritesCount": 4231,
    "hasCustomTimelines": true,
    "isTranslator": false,
    "mediaCount": 865,
    "statusesCount": 1803,
    "withheldInCountries": [],
    "affiliatesHighlightedLabel": {},
    "possiblySensitive": false,
    "pinnedTweetIds": [
      "1552412703209263106"
    ],
    "profile_bio": {
      "description": "Chasing digital badness. Sr. Researcher @citizenlab @UofT @munkschool. Fmr.Ed. @SecPlanner.  Tweets mine.\n\nOther platforms @jsrailton too.",
      "entities": {
        "description": {
          "user_mentions": [
            {
              "id_str": "",
              "indices": [
                40,
                51
              ],
              "name": "",
              "screen_name": "citizenlab"
            },
            {
              "id_str": "",
              "indices": [
                52,
                57
              ],
              "name": "",
              "screen_name": "UofT"
            },
            {
              "id_str": "",
              "indices": [
                58,
                69
              ],
              "name": "",
              "screen_name": "munkschool"
            },
            {
              "id_str": "",
              "indices": [
                79,
                90
              ],
              "name": "",
              "screen_name": "SecPlanner"
            },
            {
              "id_str": "",
              "indices": [
                123,
                133
              ],
              "name": "",
              "screen_name": "jsrailton"
            }
          ]
        },
        "url": {
          "urls": [
            {
              "display_url": "johnscottrailton.com",
              "expanded_url": "http://johnscottrailton.com",
              "indices": [
                0,
                23
              ],
              "url": "https://t.co/6KCmbgTd4B"
            }
          ]
        }
      }
    },
    "isAutomated": false,
    "automatedBy": null
  },
  "extendedEntities": {
    "media": [
      {
        "display_url": "pic.twitter.com/WLxe0LWo8s",
        "expanded_url": "https://twitter.com/jsrailton/status/2064661778978533571/photo/1",
        "ext_master_playlist_only": [],
        "ext_media_availability": {
          "status": "Available"
        },
        "ext_playlists": [],
        "features": {
          "large": {
            "faces": []
          },
          "orig": {
            "faces": []
          }
        },
        "id_str": "2064659714827235328",
        "indices": [
          280,
          303
        ],
        "media_key": "3_2064659714827235328",
        "media_results": {
          "id": "QXBpTWVkaWFSZXN1bHRzOgwAAQoAARynJRJUVjAACgACHKcm8u1XcMMAAA==",
          "result": {
            "__typename": "ApiMedia",
            "id": "QXBpTWVkaWE6DAABCgABHKclElRWMAAKAAIcpyby7VdwwwAA",
            "media_key": "3_2064659714827235328"
          }
        },
        "media_url_https": "https://pbs.twimg.com/media/HKclElRWMAATMuP.jpg",
        "original_info": {
          "focus_rects": [
            {
              "h": 887,
              "w": 1584,
              "x": 0,
              "y": 0
            },
            {
              "h": 966,
              "w": 966,
              "x": 309,
              "y": 0
            },
            {
              "h": 966,
              "w": 847,
              "x": 369,
              "y": 0
            },
            {
              "h": 966,
              "w": 483,
              "x": 551,
              "y": 0
            },
            {
              "h": 966,
              "w": 1584,
              "x": 0,
              "y": 0
            }
          ],
          "height": 966,
          "width": 1584
        },
        "sizes": {
          "large": {
            "h": 966,
            "w": 1584
          }
        },
        "type": "photo",
        "url": "https://t.co/WLxe0LWo8s"
      }
    ]
  },
  "card": null,
  "place": {},
  "entities": {
    "hashtags": [],
    "symbols": [],
    "urls": [
      {
        "display_url": "socket.dev/blog/mini-shai…",
        "expanded_url": "https://socket.dev/blog/mini-shai-hulud-miasma-and-hades-worms-target-bioinformatics-and-mcp-developers-via-malicious",
        "indices": [
          863,
          886
        ],
        "url": "https://t.co/f3Aj9TYxU4"
      }
    ],
    "user_mentions": [
      {
        "id_str": "1458247940640690176",
        "indices": [
          687,
          702
        ],
        "name": "Socket",
        "screen_name": "SocketSecurity"
      }
    ]
  },
  "quoted_tweet": null,
  "retweeted_tweet": null,
  "isLimitedReply": false,
  "communityInfo": null,
  "article": null
}