Comment by giancarlostoro
6 days ago
I was probably late to the party in realizing and saying it, but I've been saying for a little while, even if you don't want to use AI because "the code is bad" or whatever, I highly suggest you consider having AI auditing code and services for security, or literally anything that scans code for vulnerabilities.
The attack vector isn't just plugins that steal your data, but also 0-day exploits in just about any software you use, and even your own web services being exploited by a script kiddie with an LLM. There will be an increase in hacks and it's only going to get worse, so anyone not investing in cyber security audits and auditing tools should really reconsider.
AI harnesses were exploited, here's why it's actually good for AI.
Not what I'm saying at all, but okay. More like "don't sleep on cyber security" more than anything. I don't care if you use AI, though it can definitely be useful for security auditing. Red teams are going to become more invaluable these days.
You're talking about living in a world where we have to take entirely preventative steps, not reactive, because hacking is going to be that much more prevalent.
AI can tell you you're being zero-day'd, but that isn't much comfort - you're already expecting everyone to always be zero-day'd at all times!
You can post any number of snarky booster comments, but at the end of the day they are the opposite of insightful. They are an obfuscation.
What I'm seeing is that the whole security model built around endless code re-evaluation and continuous (usually online) updates is collapsing in a spectacular fashion. This is not "good for red teams" or "good for security AI". This is not good for anyone except malicious actors.
I rarely do these, but here is my prediction: doing more of the same but faster is not going to work. No matter how much AI compute people will throw at security scans and patching, the number of security incidents and the overall instability will keep going up until the underlying security model is fundamentally changed.