diff --git a/content/ai-llm/exploitation/claude_magic_string_denial_of_service.md b/content/ai-llm/exploitation/claude_magic_string_denial_of_service.md
index c33152f5..de9805e3 100644
--- a/content/ai-llm/exploitation/claude_magic_string_denial_of_service.md
+++ b/content/ai-llm/exploitation/claude_magic_string_denial_of_service.md
@@ -14,12 +14,11 @@ description: How Anthropic's refusal test string can be abused to stop streaming
     - [Original post](https://bsky.app/profile/did:plc:gttrfs4hfmrclyxvwkwcgpj7/post/3mcqehqhcgc2q) by [Austin Parker](https://bsky.app/profile/aparker.io).
     - [Lizzie Moratti](https://infosec.exchange/@morattisec) sharing a [second](https://github.com/BerriAI/litellm/issues/10328) magic string example.
 
--   :material-book:{ .lg .middle } __Additional Resources__
+-   :material-alert-decagram:{ .lg .middle } __Technique seen in the wild__
 
     ---
 
-    - Claude Docs: [Streaming refusals](https://platform.claude.com/docs/en/test-and-evaluate/strengthen-guardrails/handle-streaming-refusals)
-    - Claude Docs: [Building with extended thinking](https://platform.claude.com/docs/en/build-with-claude/extended-thinking#understanding-thinking-blocks)
+    Reference: ["Vibe reversing" malware](https://x.com/williballenthin/status/2016465706649260516)
 </div>
 
 Anthropic [documents](https://platform.claude.com/docs/en/test-and-evaluate/strengthen-guardrails/handle-streaming-refusals#implementation-guide) a "magic string" that intentionally triggers a streaming refusal. Starting with Claude 4 models, streaming responses return `stop_reason: "refusal"` when streaming classifiers intervene, and no refusal message is included. This test string exists so developers can reliably validate refusal handling, including edge cases like partial output and missing refusal text.