[Edefcon 2] Anthropic Threat Intelligence report

Started by rcjordan, September 02, 2025, 11:41:00 AM

rcjordan

#privacy #security #LLM

Grab your coffee and read this.


Detecting and countering misuse of AI: August 2025

https://www.anthropic.com/news/detecting-countering-misuse-aug-2025


also: Don't bank online.

ergophobe

I wonder if any novel zero-day exploits have been found by AI

The problem described in the article affects mostly the volume of attacks. I bet there is another set of more worrisome problems that is flying more under the radar.

In theory, we should be able to have really good code scanners. For years now the Drupal project scans everything in the repo (both core and publicly contributed add-ons) using dumb algorithms (basically a big set of regex searches). The problem with getting AI to do a great job on this currently is that the context windows are too small to load a complex program in full, so it can only scan it in pieces without "understanding" the whole.

But in general, we'll need good AI security scanners for open source projects because bad actors will have good scanners for exploits... maybe the same scanners actually.

rcjordan


ergophobe

>> integration of AI agents to autonomously run over 150 cybersecurity tools for automated penetration testing

Thanks.

I was thinking of the next step - not where agents run existing "dumb" tools, but where self-learning systems analyze code and figure out new attacks in the way that AlphaGo came up with moves that no human had thought of yet.

rcjordan

You know it's already out there.  Likely state-sponsored.

ergophobe

>> You know

I was more circumspect - I said "I bet" but I would agree there is a very high chance it's out there now and complete certainty that if not out there now, it will be soon.

Strangely, I'm not sure the state actors have access to the giant models that can look at a big context window for this purpose. There are only a few of them out there.