Post B33krmIR42gPy4stO4 by joshbressers@infosec.exchange
 Post #B33krlLEc9KP0TBc6y by briankrebs@infosec.exchange
       2026-02-06T20:53:57Z
       
       0 likes, 0 repeats
       
       As much as I bash on the stupid ways that companies are trying to shove AI down everyone's throats, it does seem to be remarkably good at finding vulnerabilities. I'm a little concerned that our over-reliance on racing to patch everything 24/7 isn't going to scale well for much longer (if indeed it ever has). As this blog post from Anthropic points out, this is becoming a frequent refrain from people advocating that companies invest more in AI. I'm not necessarily saying they're wrong in this respect. But I am generally wary of any industry that claims you need more of what it is selling just so you can offset the negative externalities caused by the unbridled use of its technology.
       
       "Claude Opus 4.6, released today, continues a trajectory of meaningful improvements in AI models' cybersecurity capabilities. Last fall, we wrote that we believed we were at an inflection point for AI's impact on cybersecurity, that progress could become quite fast, and now was the moment to accelerate defensive use of AI. The evidence since then has only reinforced that view. AI models can now find high-severity vulnerabilities at scale. Our view is this is a moment to move quickly, to empower defenders and secure as much code as possible while the window exists."
       
       https://red.anthropic.com/2026/zero-days/
       
 Post #B33krmIR42gPy4stO4 by joshbressers@infosec.exchange
       2026-02-06T21:31:25Z
       
       0 likes, 0 repeats
       
       @briankrebs It's always been hard for humans to find security bugs in code; generally we had to focus on one specific area at a time.
       
       But the real challenge has always been writing and testing the patches; this is even harder than finding the vulns in many cases.
       
       We will of course see claims to "just use an LLM to write the patch", but I've not seen any evidence showing that's realistic yet (there might be something I've missed; goodness knows this space is hard to follow everything in).
       
 Post #B33krmu0oKjzqcStxQ by kyle@mastodon.kylerank.in
       2026-02-06T23:18:30Z
       
       0 likes, 0 repeats
       
       @joshbressers @briankrebs Ideally for folks willing to add LLMs to their workflow, you'd want to use the LLM to find the security bug in your code as you are writing it or PRing it, while the context (for the human) is fresh. At least that is one way to take advantage of something that is reasonably good at "this code might have a security bug" as long as the false positives are kept low.
       
 Post #B33krpsLkyC54Ki7Hc by briankrebs@infosec.exchange
       2026-02-06T21:17:28Z
       
       0 likes, 0 repeats
       
       If you look at the Hacker One leaderboard rankings for collectives, you can see Xbow ruled in the last half of 2025. Xbow is billed as a fully autonomous AI-driven penetration testing platform.