I think AI bug scanning is a good thing, it will ensure almost all high severity get caught before entering prod. There can certainly be downsides but I am personally all for it.
Strong agreement. I include https://roost.tools in this category of necessary efforts. A strong privacy law would be great, but a more political thing, though there is much we can do as technologists.
So my home router, all my iot devices attached to it from printers to projectors, not to mention custom stacks like Lutron. BLE based locks, car key fobs.
All of these technically could have zero day vulnerabilities and people/companies who made it don't have the resources to buy 20000$ of tokens to go debug them... Maybe they don't care but if they do, what if they can't afford such models or get access in time.
I would like to know how can someone like me defend against them?
Going to be interesting to see how much more downward pressure gets placed on OSS projects (as already alluded to) and what the norm response becomes and what that space evolves into.
Also, assuming something like "0day becomes cheap" it will be interesting to see how this drives discovery->exploit timeframes and scope. I would assume since time is precious you would be inclined to go balls out in terms of impact and scope.
7 comments
[ 2.7 ms ] story [ 34.1 ms ] threadand Related:
System Card: Claude Mythos Preview [pdf]
https://news.ycombinator.com/item?id=47679258
Assessing Claude Mythos Preview's cybersecurity capabilities
https://news.ycombinator.com/item?id=47679155)
All of these technically could have zero day vulnerabilities and people/companies who made it don't have the resources to buy 20000$ of tokens to go debug them... Maybe they don't care but if they do, what if they can't afford such models or get access in time.
I would like to know how can someone like me defend against them?
You could take the Galactica approach - de-network everything you can.
Also, assuming something like "0day becomes cheap" it will be interesting to see how this drives discovery->exploit timeframes and scope. I would assume since time is precious you would be inclined to go balls out in terms of impact and scope.