It is significant because a random teenager can’t google “download exploits” and have them available 5 minutes later.
Powerful AI models and agents, though, are at your fingertips without you even asking.
Sure, people can buy guns. But what if every person could materialize a chainsaw instead regardless of their skill, maturity, age, or criminal record? 🤔
Full disclosure was a thing once upon a time, where exploits and proofs of concept were dumped publicly, forcing companies to fix the issue or be compromised. That’s mostly been moved away from in favor of responsible disclosure, giving companies time to patch the issue before it’s known publicly.
Maybe we should be moving back to full disclosure to force these companies to take data security seriously. Or at least then we could point to a known vulnerability as proof the company is shitty and is neglecting their infrastructure.
Sometimes I read stories of how reading web page source code gets presented as hacking in order to avoid actually doing anything for security, and of white hats sued for doing their job, and think that there are plenty of targets even for someone without exploits or LLMs.
Random teenagers can absolutely google “download exploits” and have them available; that’s pretty much always been the case…
https://www.exploit-db.com/
Teenagers are definitely able to find exploits via google in 5 if they’re motivated.
Buying a disassembled AK-47 by mail order and having it shipped to your address anywhere in the world is also possible.
Rules only apply to people that care about them.
@0x0 @eldebryn It’s not enough to find exploits, you have to know how to use them… I can see how you could trick an AI into guiding you to do a “pen test”.