| ▲ | larrymcp a day ago | ||||||||||||||||
Can anyone elaborate on what they're referring to here? > GPT‑5.2-Codex has stronger cybersecurity capabilities than any model we’ve released so far. These advances can help strengthen cybersecurity at scale, but they also raise new dual-use risks that require careful deployment. I'm curious what they mean by the dual-use risks. | |||||||||||||||||
| ▲ | dpoloncsak 20 hours ago | parent | next [-] | ||||||||||||||||
"Please review this code for any security vulnerabilities" has two very different outcomes depending on if its the maintainer or threat actor prompting the model | |||||||||||||||||
| ▲ | runtimepanic a day ago | parent | prev | next [-] | ||||||||||||||||
“Dual-use” here usually isn’t about novel attack techniques, but about lowering the barrier to execution. The same improvements that help defenders reason about exploit chains, misconfigurations, or detection logic can also help an attacker automate reconnaissance, payload adaptation, or post-exploitation analysis. Historically, this shows up less as “new attacks” and more as speed and scale shifts. Things that required an experienced operator become accessible to a much wider audience. That’s why deployment controls, logging, and use-case constraints matter as much as the raw capability itself. | |||||||||||||||||
| ▲ | pixl97 a day ago | parent | prev | next [-] | ||||||||||||||||
Finding/patching exploits means you also can exploit them better? | |||||||||||||||||
| |||||||||||||||||
| ▲ | baq a day ago | parent | prev | next [-] | ||||||||||||||||
probably that it's good on tasks of either color teams, red or blue - and if it is, it means you can automate some... interesting workflows. | |||||||||||||||||
| ▲ | tgtweak 21 hours ago | parent | prev | next [-] | ||||||||||||||||
Good at finding/fixing security vulnerabilities = Good at finding/exploiting security vulnerabilities. | |||||||||||||||||
| ▲ | szundi 21 hours ago | parent | prev [-] | ||||||||||||||||
[dead] | |||||||||||||||||