xiphias2 4 hours ago
"GPT‑5.3-Codex is the first model we classify as High capability for cybersecurity-related tasks under our Preparedness Framework, and the first we’ve directly trained to identify software vulnerabilities. While we don’t have definitive evidence it can automate cyber attacks end-to-end, we’re taking a precautionary approach and deploying our most comprehensive cybersecurity safety stack to date. Our mitigations include safety training, automated monitoring, trusted access for advanced capabilities, and enforcement pipelines including threat intelligence."

While I love Codex and believe it's an amazing tool, I believe their preparedness framework is out of date. As it is more and more capable of vibe coding complex apps, it's getting clear that the main security issues will come up by having more and more security critical software vibe coded.

It's great to look at systems written by humans and how well Codex can be used against software written by humans, but it's getting more important to measure the opposite: how well humans (or their own software) are able to infiltrate complex systems written mostly by Codex, and get better on that scale.

In simpler terms: Codex should write secure software by default.
mrkeen 4 hours ago
Is "high-capability" a stronger or weaker claim than "team of phd-level experts"? https://www.nbcnews.com/tech/tech-news/openai-releases-chatg...
trcf23 4 hours ago
That’s just classical OpenAI trying to make us believe they’re closing on AGI… Like all « so called » research from them and Anthropic about safety alignment and that their tech is so incredibly powerful that guardrails should be put on them.
ActionHank 3 hours ago
I heard the other day that every time someone claps, another vibe coded project embeds the API keys in the webpage. I wonder if this will continue to be the case.
manmal 17 minutes ago
Please no, I don’t need my quick prototypes hardened against every perceivable threat.
da_grift_shift 3 hours ago
> Our mitigations include safety training, automated monitoring, trusted access for advanced capabilities, and enforcement pipelines including threat intelligence.

"We added some more ACLs and updated our regex"