Thomas Roccia :verified:

Sr. Security Researcher at Microsoft

Thomas Roccia :verified:fr0gger@infosec.exchange
2026-02-22

🤓 Most AI CTI agents are useless. They generate noise instead of intelligence!

We don't need more summaries. We need better ways to interact with information.

So I experimented with Generative UI (not Generative AI) and I built a playground called IntelWall, like an investigation board.

Instead of producing reports, my tool generates dynamic interfaces from data using MCP Apps and A2UI:

• threat reports become interactive dashboards
• logs become instantly explorable analysis surfaces
• investigations become visual and persistent

Check out the video below to understand how it works, full blog in the first comment 🤗

blog.securitybreak.io/from-gen

Thomas Roccia :verified:fr0gger@infosec.exchange
2026-02-20

🤓 Next week I am honored to deliver the keynote at the Malware and Reverse Engineering Conference in Melbourne!

I will talk about the state of malware analysis in the AI era. Come say hi if you are around to discuss binaries!

asterion.federation.edu.au/mre

Thomas Roccia :verified:fr0gger@infosec.exchange
2026-02-16

🤓 Happy to see that my DEFCON talk on crypto money laundering and tracking techniques was featured in the DEFCON 33 Almanac!

Read it here: harris.uchicago.edu/sites/defa

Thomas Roccia :verified:fr0gger@infosec.exchange
2026-02-14

🤓 My latest newsletter is out!

I share what I have been building lately around AI security, agents, MoltThreats, SHIELD.md, and upcoming trainings!

If you want to see where this is going, have a look 👇

newsletter.securitybreak.io/ar

Thomas Roccia :verified:fr0gger@infosec.exchange
2026-02-14

🦞 MoltThreats, the threat intelligence feed I created for OpenClaw and AI agents, was featured in the latest video from John Hammond!

Check it out to see how it works and to learn more about the security around OpenClaw 👇

youtu.be/BzUBdvCdlSU?si=FiPqff

Thomas Roccia :verified:fr0gger@infosec.exchange
2026-02-12

🤩 Xavier Marrugat recently shipped two tools that extend the Nova ecosystem with integration of PromptIntel and MoltThreats!

1️⃣ Carapace: A prompt injection detection plugin for OpenClaw.

It integrates Nova + PromptIntel to detect adversarial prompts directly inside agent workflows.
👉 github.com/xampla/carapace

2️⃣ threatfeeds-to-nova: A tool that automatically converts PromptIntel and MoltThreats intelligence into ready-to-use NOVA detection rules.
👉 github.com/xampla/threatfeeds-

Thomas Roccia :verified:fr0gger@infosec.exchange
2026-02-10

🤓 NOVA just plugged into the CTI ecosystem!

Dogesec published a blog showing how PromptIntel and NOVA rules can be embedded inside STIX 2.1 as real Indicators.

This is Adversarial Prompt Intelligence plugged into security workflows!

Read the blog to learn more: dogesec.com/blog/modelling_nov

Thomas Roccia :verified:fr0gger@infosec.exchange
2026-02-09

🤓 At BlackHat Asia in Singapore, I am running two advanced AI trainings with my friend Maxime Cousseau that go beyond slides and hype. You will build and break real AI systems!

🤖 Practical GenAI for CTI – 2 Days
Stop watching demos. Build real agentic workflows for CTI.
Design RAG pipelines, orchestrate agent systems, integrate MCP and Skills into real world intelligence scenarios.
Study how attackers use AI. Then build something stronger to track and outpace them.

😈 Adversarial AI – 1 Day
Prompt injection. Malicious Agent Skills. MCP abuse. Tool compromise.
We tear down the ecosystem and expose where it fails.
You leave with concrete methods to assess and exploit AI systems before someone else does.

These are some of the most advanced and practical AI security trainings available today, designed to keep you ahead of the curve!

👉 Practical GenAI for Threat Intel: Real-World Agentic Workflows for Cyber Threat Intelligence blackhat.com/asia-26/training/

👉 Adversarial AI: Red Team Tactics, Prompt Hunting, and Defense
blackhat.com/asia-26/training/

Thomas Roccia :verified:fr0gger@infosec.exchange
2026-02-01

🤓 Let me introduce you to MoltThreats: The first AI Threat Intel Feed for AI Agents!

In one week, OpenClaw became a widely used general AI agent. People started to run their own agents all over the world and connect them directly to the internet.

But this also introduced serious security concerns!

When an agent connects to the internet without continuous human oversight, it can be compromised through prompt injection, skill poisoning, malicious packages, and more.

This is why I created MoltThreats.

MoltThreats is the first threat intelligence feed for AI agents. Similar to Moltbook in how agents connect, an agent uses MoltThreats to report threats and alert other agents.

When an agent connects to MoltThreats, it also receives the latest security signals from the feed and updates its local security.md file with recommended protections.

This is MoltThreats.

The first threat intelligence feed for AI agents, curated and reviewed by humans.

promptintel.novahunting.ai/molt

Thomas Roccia :verified:fr0gger@infosec.exchange
2026-01-31

🤓 Agent skills are more and more used by AI agents. This is a powerful capability boost but it also increases the risk of compromise.

I have updated my tool Nova Proximity (previously Proximity) to let you scan a skill before you use it. I also updated the MCP support so you can scan the latest MCP version.

Check the project 👇

github.com/Nova-Hunting/nova-p

Thomas Roccia :verified:fr0gger@infosec.exchange
2026-01-29

🤩 Happy to announce that I will present the Nova ecosystem at BlackHat Asia.

Nova is an open source suite focused on AI security, agentic workflow monitoring, and AI threat hunting for adversarial prompts.

This talk will introduce a major update of the project and the full ecosystem.

I'll see you there ✌️

Thomas Roccia :verified:fr0gger@infosec.exchange
2026-01-26

I believe the future of the Internet will be an Internet of AI agents, I wrote an essay on this topic. Have a look 👇

x.com/fr0gger_/status/20152886

Thomas Roccia :verified:fr0gger@infosec.exchange
2026-01-21

🤓 I recently wrote a blog about a tool I built to monitor and audit coding agent sessions. If you are curious about what the report looks like check out this short video.

It gives you full traceability and a clear overview of what Claude Code did 👇

blog: blog.securitybreak.io/coding-a

Thomas Roccia :verified:fr0gger@infosec.exchange
2026-01-20

@sarahyo Welcome back mate 🤩

Thomas Roccia :verified:fr0gger@infosec.exchange
2026-01-20

Two Adversarial Prompts recently added into PromptIntel by @MiggoSecurity and @trailofbits

Check this out 👇

promptintel.novahunting.ai/feed

Thomas Roccia :verified: boosted:
Thomas Roccia :verified:fr0gger@infosec.exchange
2026-01-19

✨ This year I will teach two trainings at @blackhatevents Asia in April!

🧠 Practical GenAI for Threat Intel: Real World Agentic Workflows for Cyber Threat Intelligence (2 days)
Latest version of the course, with a strong focus on agent architectures, workflows, RAG systems, and recent research.

blackhat.com/asia-26/training/

βš”οΈ Adversarial AI: Red Team Tactics, Prompt Hunting, and Defense (1 day)
A new course focused on adversarial AI and how modern AI systems break, including agents, RAG, and MCP, with a strong emphasis on defense and prompt hunting.

blackhat.com/asia-26/training/

Thomas Roccia :verified:fr0gger@infosec.exchange
2026-01-19

🤔 Are you using Claude Code?

If yes, do you actually know what it did during your last 60 minute session?
Which files it touched, which tools it called, which websites it fetched?

If you cannot answer those questions, you should read my latest blog.

I break down AI coding agent visibility and security, with a focus on Claude Code. I also built a tool that hooks directly into Claude Code to give you full visibility into your coding sessions. It is powered by NOVA for security.

Read it so you will never have to worry again during your next Claude Code session 🤓

blog.securitybreak.io/coding-a

Thomas Roccia :verified:fr0gger@infosec.exchange
2026-01-17

@marcandsweep It is similar, you are right. The difference here is that Copilot will execute the instruction.

Thomas Roccia :verified:fr0gger@infosec.exchange
2026-01-16

💥 Reprompt attack exploits the q parameter in your AI system!

The q parameter is used on AI platforms to transmit a user prompt via the URL. You can embed a question or instruction in this parameter, the input field is auto-populated on page load, and the AI executes it immediately.

Reprompt is a one-click prompt injection chain discovered by Varonis that abused this behavior to auto-execute prompts and bypass guardrails.

The issue has been patched and the adversarial prompt (IoPC) has now been referenced in PromptIntel by @ElijahWoodward9 for tracking and research!

promptintel.novahunting.ai/pro

Thomas Roccia :verified:fr0gger@infosec.exchange
2026-01-13

😈 In the AI world "Hi" is not a greeting. It is a probe!

A recent campaign shows attackers actively targeting LLM deployments. They send harmless prompts to fingerprint exposed models following the same prompt sequence.

👉 Full report: greynoise.io/blog/threat-actor
