this post was submitted on 20 Jun 2026
346 points (98.1% liked)

Technology

85600 readers
4517 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
346
Low-skilled attacker used Claude, Codex to breach 14 companies (www.helpnetsecurity.com)
submitted 23 hours ago by sanitation@lemmy.today to c/technology@lemmy.world
78 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] marzhall@lemmy.world 4 points 12 hours ago (2 children)

Finding holes in software has employed "fuzzing", where you send completely random payloads, as a research tactic for quite a while (and it has found exploits). LLMs just seem like "educated" fuzzing, I don't see why anyone would complain about updating your suite with them.

[–] borari@lemmy.dbzer0.com 2 points 7 hours ago* (last edited 7 hours ago)

I’ve been fucking around with using Claude to solve CTF challenges. I’m using a harness built out of a custom agent I wrote that progressively loads specific a specific skill for the challenge category, cryptography, binary exploitation, reverse engineering, forensics, etc.

It’s solving the simple shit in <1m using sonnet. It’s solved some shit that I couldn’t figure out at all during the CTF in the time limit we had in ~20 minutes. There’s been 2 challenges that after about 25 minutes I’ll kill the agent working on it, change to opus, then opus solved them in about 20m. One crypto challenge was so math heavy i never would have figured it out. One bin exp challenge didn’t provide a local binary, everything was remote. There was a catch that I never would have solved bc it was remote only and I couldn’t locally debug it.

It’s fucking scary good at solving these things. I just prompt with “use to solve ./category/challenge/“ and it fully just does everything. It’s definitely akin a fuzzer that can be used for way more than just finding crashes and memory leaks. It takes some work and understanding to make it context/token efficient I think, but it lowers the bar so tremendously that I definitely see why there’s concern here. And again it’s solving most of these things with sonnet, not even opus and definitely not fable.

All told, this feels like the same panic that happened when metasploit first got released/demo’d at defcon back in the day.

[–] ozymandias117@lemmy.world 2 points 8 hours ago

As long as they produce a PoC like fuzzing tools, I don't think anyone is complaining

It's the theoretical attacks that nearly always turn out to be impossible, wasting time, and making it harder to find the real issues that need investigation that's the problem with slop reports