OptiRefine @OptiRefine
We build AuraWatch — a VS Code extension that scans AI-generated code for security vulnerabilities and fixes them automatically. Built in Ontario, Canada. optirefine.one Toronto, ON Joined April 2026-
Tweets82
-
Followers7
-
Following80
-
Likes3
@LabyrinthCoder 80% AI-authored production code is the headline. The buried stat is what that means for security. AI writes fast. Security reviews don't scale with it. Most of that 80% ships without anyone verifying what vulnerabilities came along for the ride.
@DanielMiessler The trust shift happened fast. The security habits didn't. In 2024 nobody trusted AI for coding. In 2026 nobody reviews what AI coded. That gap is where the vulnerabilities live. 40-62% of AI-generated code ships with at least one. Most teams don't find out until it's too late.
A researcher leaked a VS Code vulnerability this week — PoC exploit dropped within an hour of disclosure. The editor is an attack surface now. So is the code coming out of it. 40-62% of AI-generated code contains at least one vulnerability. Most of it ships before anyone looks
@DecryptedTech Ha. The "AI will just fix it" take is everywhere right now. DNS client RCE is not the kind of thing that autocompletes its way to safety. These need actual patch management, not vibes.
AuraWatch is live on the VS Code Marketplace. Version 1.0.0. Built in Ontario, Canada. If you build with AI coding assistants, install it. ext install OptiRefine.aurawatch
@Howaboua The problem isn't model quality — it's the gap between what the model writes and what the developer actually reviews. AI can write fine code, but if you're shipping 10x faster you're probably reviewing 10x less carefully. That's where the real exposure is.
@mnair1 The detection gap is the real problem. 6 found for every 1 fixed means the debt only grows. The fix rate improves when you stop the vuln from entering the codebase at all. Catch it at generation, before it's in 6 places and costs 6x to remediate.
@BrettKessler__ The weak point isn't your data center — it's the code AI agents are writing to access it. SQL injection, path traversal, hardcoded creds. Generated in seconds, shipped before anyone reviews it. Security has to run at the same speed the code is produced.
@ArmisSecurity The paradox is real. AI writes code faster than any security review can keep up with. The fix has to be in the editor, not downstream. By the time a vuln hits your pipeline it's already in 10 places. Scan and patch at the point of generation.
@DarkReading The hard part isn't the agent going rogue — it's the code the agent writes before anyone notices. AI coding assistants are shipping SQL injection, hardcoded creds, and missing auth checks into prod every day. No one's treating that output as untrusted input.
@elijahadeyeye5 This is underrated. The worst pattern is stripping out auth checks or disabling CSP headers to hit a performance number, then shipping it. A fast site that leaks data isn't a win.
@Yanir_ Debug flags left in production are one of those bugs that looks embarrassing but is actually serious. Any app on the device getting account access is basically a privilege escalation for free. Good find.
@ChrisHervochon @github Good call on the org account. Code ownership is step one. The next problem is the code itself — AI assistants don't flag when they generate something with an injection flaw or a hardcoded secret. That's where a lot of vibe-coded projects are sitting right now.
@caneallesta The gap between concern and readiness is where incidents happen. Most teams are still treating AI agent security as a future problem. The code those agents write is already in prod.
@technerdali The prototype gap is real. Getting to something that runs is one thing, getting to something that's actually safe to ship is another. AI writes plausible-looking code fast but doesn't know your threat model.
Shipped at 2am. AuraWatch caught the command injection at 2:01am. Good tool to have.
@haveibeenpwned This pattern keeps showing up. Built fast, credentials stored poorly, then breached. The bcrypt is the one thing done right. The real damage is email + IP combos — that's what fuels phishing and credential stuffing elsewhere. 64k is small. The downstream damage isn't.
AI models were trained on billions of lines of code. A lot of that code had SQL injection in it. Path traversal. Hardcoded secrets. The model learned the patterns. It reproduces them. The fix isn't prompting better. It's scanning what comes out. optirefine.one
91.5% of vibe-coded apps had at least one hallucination-related vulnerability in Q1 2026. Not most. Not many. 91.5%. The AI isn't writing secure code. It's writing code that runs. Those are different things.
The Moltbook breach: - Launched January 28 - Founder said he "didn't write a single line of code" - By day 3: 1.5M API tokens exposed, 35K emails leaked, private messages accessible Vibe coding ships fast. Breaches ship with it.
Chester Brian @chestrbrian
113 Followers 187 Following spent a decade securing other people's code. now shipping my own. // @shipramen · envsafe · https://t.co/UJeW1ImgY0 (ctf for ai slop)
Nancy V @lmaz_muslu
5 Followers 773 Following whispers to the moon, yells at my phone 🌙 follow back always
claiire18 @raci_kiler
29 Followers 370 Following part time dreamer, full time feeler 🌸 100% follow back
Ercan @haileymanzo82
28 Followers 600 Following
patrioticacorn @patrioticacorn
789 Followers 157 Following Content creator and community moderator Opinions are my own Business email: [email protected]
Intigriti @intigriti
209K Followers 666 Following Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
HackerOne @Hacker0x01
337K Followers 3K Following HackerOne makes security continuous. We unite AI and human insight through a unified platform to expose risk and eliminate it.
John Hammond @_JohnHammond
320K Followers 3K Following Cybersecurity Researcher @HuntressLabs Just Hacking Training @JustHackingHQ w/ @ethicalhacker https://t.co/UtsNJiyiEk && https://t.co/narO3syzIy
Ben Sadeghipour @NahamSec
247K Followers 1K Following Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷
Sam Curry @samwcyo
101K Followers 1K Following
Lesley Carhart @hacks4pancakes
155K Followers 7K Following ICS DFIR @dragosinc, martial artist, marksman, humanist, Lvl14 Neutral Good rogue, USAF Ret. Tweet *very serious* things about infosec. Thoughts mine. They/them
MalwareTech @MalwareTechBlog
272K Followers 1 Following Not here anymore. Profiles: https://t.co/sFoOuGmYK2
SwiftOnSecurity @SwiftOnSecurity
410K Followers 9K Following computer security person. former helpdesk.
JS0N Haddix @Jhaddix
176K Followers 7K Following CEO, CISO, Trainer, Hacker, and Speaker. Cybersecurity + Hacking + AI + Sec Leadership @arcanuminfosec
ippsec @ippsec
123K Followers 365 Following
James Kettle @albinowax
83K Followers 102 Following Director of Research at @PortSwigger aka @Burp_Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3
Troy Hunt @troyhunt
248K Followers 1K Following Creator of @haveibeenpwned. Microsoft Regional Director. Pluralsight author. Online security, technology and “The Cloud”. Australian.
/r/netsec @_r_netsec
33K Followers 0 Following Follow for new posts submitted to the netsec subreddit. Unofficial.
PortSwigger Research @PortSwiggerRes
120K Followers 7 Following Web security research from the team at @PortSwigger
Hack The Box @hackthebox_eu
246K Followers 228 Following Cyber Mastery: Community Inspired. Enterprise Trusted.
0xdf @0xdf_
26K Followers 471 Following AI Cybersecurity @ Anthropic Potentially a legit security researcher he/him https://t.co/GCcLVlmdQK https://t.co/uQWVpw4nft 0xdf on discord
khr@sh @khr0x40sh
275 Followers 325 Following Aspiring, self-taught developer (C, C++, C#, VB.Net, Perl, Python, Java) with interests in Information Security, humor, and well when appropriate, both.
Dark Web Informer @DarkWebInformer
217K Followers 76 Following One guy. Global cybercrime. Tracked so you don't have to. Ransomware, data breaches, dark web activity, darknet markets, IOCs & emerging threats. Stay informed!
Dirt Jordan @techfusionjb
92 Followers 557 Following AI Artist | Blending tech with... everything else 🏴
𝓕𝓻𝓮𝓭𝓣�... @J_Fred_Truter
166 Followers 359 Following Sporty computer programmer trying to fix the future
Grace Frank @frankgracy
510 Followers 776 Following Software Engineer → AI Agent Developer 🤖 Helping businesses automate, scale & sleep better 😴 https://t.co/LO9ZXcDan9 https://t.co/05FwiYfT9L
Alexa Web3 (e/acc) @alexabelonix
23K Followers 14K Following Founder & revenue-focused growth strategist | Building in AI, robotics, GTM & sales workflows | @xcloserhq @belonixhq
Glenn Gabe @glenngabe
83K Followers 8K Following SEO and AI Search Consultant at G-Squared Interactive focused on Google algorithm update recovery and AI Search visibility. Podcast: "SEO From The Front Lines".
patrioticacorn @patrioticacorn
789 Followers 157 Following Content creator and community moderator Opinions are my own Business email: [email protected]
Nerdy Avocado 🥑|AI... @nerdyavocadoai
15 Followers 4 Following Daily AI edge for builders & curious minds. 🥑 Tools, prompts & trends that actually matter. Skip the noise. Follow to stay dangerously ahead.
Rost Glukhov @rosgluk
57 Followers 219 Following Leader, software engineering professional, musician, photographer, and a common sense endorser
Dhaval Trivedi @DrAIExpert
39 Followers 18 Following Building with AI & MCP | Hot takes on what's actually working | Tutorials that skip the fluff | @DrAIExpert
Rohan Paul @rohanpaul_ai
150K Followers 7K Following Compiling in real-time, the race towards AGI. The Largest Show on X for AI. 🗞️ Get my daily AI analysis newsletter to your email 👉 https://t.co/6LBxO8215l
Ryan Fleury @rfleury
24K Followers 130 Following RJF // @dgtlgrove // Making RAD Debugger at @radgametools in @epicgames (opinions my own)
Zhanghao Wu @Michaelvll1
2K Followers 441 Following Building SkyPilot @skypilot_org | Co-creator of @lmsysorg, PhD @Berkeley_EECS @ucbrise. Prev: @MIT, @sjtu1896
Sunny Bains @TiDB @sunbains
5K Followers 260 Following swe@PingCAP - The company behind TiDB. Oracle/MySQL/InnoDB team lead in a past life
Sebastian Aaltonen @SebAaltonen
53K Followers 270 Following Building a new renderer at HypeHype. Former principal engineer at Unity and Ubisoft. Opinions are my own.
Ana Dodik @ana_dodik
2K Followers 806 Following Geometry Processing PhD student @ MIT CSAIL. Prev. Meta, Disney Research. Mother of a half-dog, half-tornado. (she/her)
Manthan Gupta @manthanguptaa
22K Followers 304 Following ai research engineer• designing agent runtimes, memory, evals & retrieval systems for autonomous agents • dms open
Lucas Beyer (bl16) @giffmana
139K Followers 602 Following Researcher (now: Meta. ex: OpenAI, DeepMind, Brain, RWTH Aachen), Gamer, Hacker, Belgian. Anon feedback: https://t.co/xe2XUqkKit ✗DMs → email
Jason Wei @_jasonwei
109K Followers 706 Following ai researcher @meta superintelligence labs, past: openai, google 🧠
Stanford NLP Group @stanfordnlp
187K Followers 347 Following Natural Language Processing/Machine Learning @chrmanning @jurafsky @percyliang @ChrisGPotts @tatsu_hashimoto @MonicaSLam @Diyi_Yang @YejinChoinka @StanfordAILab
Mira Murati @miramurati
634K Followers 617 Following Now building @thinkymachines. Previously CTO @OpenAI
Alexandr Wang @alexandr_wang
493K Followers 858 Following chief ai officer @meta, founder @scale_ai. rational in the fullness of time
Gradio @Gradio
57K Followers 11 Following Build and share machine learning apps in 3 lines of Python. Part of the @Huggingface family 🤗. DMs are open for sharing your gradio app with us for promotion!
Anthropic @AnthropicAI
1.3M Followers 2 Following We're an AI safety and research company that builds reliable, interpretable, and steerable AI systems. Talk to our AI assistant @claudeai on https://t.co/FhDI3KQh0n.
Aran Komatsuzaki @arankomatsuzaki
179K Followers 362 Following Sharing AI research. Early work on AI (GPT-J, LAION, scaling, MoE). Ex ML PhD (GT) & Google.
You might like
