Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Brave Profile picture
@brave
Feb 13 3 tweets 1 min read Read on X
🆕 Brave researchers have uncovered vulnerabilities in zkLogin, a widely-deployed authorization system for blockchain transactions.

Our findings demonstrate the wider challenges facing zero-knowledge proof systems.
Like other zero-knowledge proof systems, zkLogin can verify that you’re a valid user without learning your identity.

However, zkLogin makes several assumptions during this authorization process that leave it open to attackers.
Today's blog explains the vulnerabilities we uncovered and the lessons they offer for anyone designing privacy-preserving authorization systems: brave.com/blog/zklogin/

You can also read the full research paper here: eprint.iacr.org/2026/227

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Brave

Brave Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @brave

Brave Profile picture
Jan 27
Clawdbot is a powerful tool, but using an always-on AI with such broad capabilities can be a security risk.

Here are some tips to minimize the danger. 🧵
1) Run Clawdbot on a dedicated machine

Limiting Clawdbot's access will also limit risk. For starters, don’t use Clawdbot on your primary laptop with all your data and passwords. Instead, run it on a separate device like an old desktop or a VPS.
2) Use dedicated accounts 

Give Clawdbot access only to burner emails, temporary phone numbers, etc. This ensures that your main accounts aren’t compromised.
Read 9 tweets
Brave Profile picture
Nov 5, 2025
Can online services preserve users' privacy while verifying their age?

A proposed solution, called zero-knowledge proofs, has potential but also has limits.
With zero-knowledge proofs (ZKPs), the user can prove they meet verification requirements without sharing personal information.

For example, a user can show that they're above 21 without revealing their exact birthdate or other details.
However, zero-knowledge proof systems have several issues that prevent it from fully protecting users' privacy including:

- Possible information leaks
- Centralization of authority
- Exclusion of people without digital IDs
Read 4 tweets
Brave Profile picture
Oct 21, 2025
The security vulnerability we found in Perplexity’s Comet browser this summer is not an isolated issue.

Indirect prompt injections are a systemic problem facing Comet and other AI-powered browsers.

Today we’re publishing details on more security vulnerabilities we uncovered.
Indirect prompt injection attacks occur when malicious instructions are hidden in web content like webpages.

When an LLM analyzes the content, it obeys the hidden instructions because it believes they’re real commands from the user.
In this thread, we summarize the new types of prompt injection attacks we uncovered.

You can read more details on them in today’s blog: brave.com/blog/unseeable…
Read 8 tweets
Brave Profile picture
Oct 15, 2025
The .brave Website-Building Challenge is live!

Build an on-chain website using your .brave domain for a chance to win 15,000 BAT, $20,000 in .brave domain credits, premium domains, and more!

Be bold. Be creative. Be Brave. 🧵 Image
Earlier this year, .brave domains started resolving natively in the @Brave browser & Brave Wallet with no extensions or setup required.

Now, we’re taking it a step further by rewarding creators building the next wave of on-chain websites.
Prizes:
🥇 1st: 9,000 BAT + $10K in .brave credits + Winner.brave, badge
🥈 2nd: 3,750 BAT + $5K in .brave credits, badge
🥉 3rd: 2,250 BAT + $3K in .brave credits, badge
4th–10th: Brave merch

Total prizes: 15,000 BAT + $20,000 in .brave domain credits, badges and Brave merch
Read 6 tweets
Brave Profile picture
Aug 20, 2025
AI agents that can browse the Web and perform tasks on your behalf have incredible potential but also introduce new security risks.

We recently found, and disclosed, a concerning flaw in Perplexity's Comet browser that put users' accounts and other sensitive info in danger. Image
This security flaw stems from how Comet summarizes websites for users.

When processing a site's content, Comet can't tell content on the website apart from legitimate instructions by the user. This means that the browser will follow commands hidden on the site by an attacker.
These malicious instructions could be white text on a white background or HTML comments. Or they could be a social media post.

If Comet sees the commands while summarizing, it will follow them even if they could hurt the user. This is an example of an indirect prompt injection.
Read 7 tweets
Brave Profile picture
Aug 11, 2025
AI assistants collect personal information, store your conversations on their servers and use your inputs to train their models.

Leo doesn't. Here's how we built privacy into every part of the Brave browser's AI assistant...
All of the AI models offered through Leo are hosted on our own infrastructure to ensure user privacy.

We don’t retain your conversations with Leo or use them for model training. We also don’t collect any personal data such as your IP address.
This same approach applies to any documents or images you ask Leo to analyze. They’re discarded immediately after Leo answers your prompt.

Other companies retain these files on their servers.
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(