33 sats \ 11 replies \ @optimism 3h \ parent \ on: Researchers question Anthropic claim that AI-assisted attack was 90% autonomous AI
Major tech corporations, financial institutions, chemical manufacturing companies and government agencies run systems with known RCE and/or SQL injection vulns?
They/we (government entities in the US) are always having our computers updated and restarted, so they are constantly addressing it. We also are limited in the number and type of programs, software, and internet connections we can have. Places like the NNSA and National Labs are extremely strict in what outside electronics you can even bring in. Heck, Apple Watches are not allowed; there is only one type of Garmin watch you can wear (if you want to wear a smart watch).
That’s already beyond what I know!
I've worked with several government departments, fintechs and manufacturers in several countries over the years. This would mean there is a serious regression if they no longer pay attention to infosec and run vulnerable software like that. If it's 0days then Anthropic could have saved the day - would be something better to brag about than this fantasy story.
I get what you’re saying, but in this case there was supposedly a human operator who interpreted the data collected by the AI and then directed the attack. What I mean is that those 0-day vulnerabilities might not have been found by the AI, but by the human. But this is just me wondering, I have no idea how it actually went down.
Right. Maybe I missed it, but I didn’t see anywhere in the report saying the AI was the one that found the 0day vulnerability.
Correction: 80%-90% 🤠
Overall, the threat actor was able to use AI to perform 80-90% of the campaign, with human intervention required only sporadically (perhaps 4-6 critical decision points per hacking campaign).