Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
upghost 7 hours ago

Anakin: I'm going to save the world with my AI vulnerability scanner, Padme.

Padme: You're scanning for vulnerabilities so you can fix them, Anakin?

Anakin: ...

Padme: You're scanning for vulnerabilities so you can FIX THEM, right, Annie?

nikcub 5 hours ago | parent | next [-]

I assume that's why this is gated behind a request for access from teams / enterprise users rather than being GA

but there are open versions available built on the cn OSS models:

https://github.com/lintsinghua/DeepAudit

sciencejerk 4 hours ago | parent [-]

The GA functionality is already here with a crafted prompt or jailbreak :)

nikcub 4 hours ago | parent [-]

it's gone a bit unnoticed that they've stopped support for response prefilling in the 4.6 models :/

SerCe 2 hours ago | parent | prev | next [-]

What's incredibly ironic is that research labs are releasing the most advanced hacking toolkit ever known, and cybersecurity defence stocks are going down as a result somehow. There’s no logic in the stock markets.

czbond 6 hours ago | parent | prev | next [-]

Definitely will be a fight against bad actors pulling bulk open source software projects, npm packages, etc and running this for their own 0 days.

I hope Anthropic can place alerts for their team to look for accounts with abnormal usage pre-emptively.

tptacek 6 hours ago | parent | next [-]

You want frontier models to actively prevent people from using them to do vulnerability research because you're worried bad people will do vulnerability research?

czbond 6 hours ago | parent [-]

Not at all. I was suggesting if an account is performing source code level request scanning of "numerous" codebases - that it could be an account of interest. A sign of mis-use.

This is different than someones "npm audit" suggesting issues with packages in a build and updating to new revisions. Also different than iterating deeply on source code for a project (eg: nginx web server).

5 hours ago | parent | prev [-]
[deleted]
tptacek 6 hours ago | parent | prev [-]

I don't understand the joke here.

RupertSalt 4 hours ago | parent | next [-]

It's an Internet trope — we could link to knowyourmeme, or link to the HN Guidelines

ukuina 5 hours ago | parent | prev | next [-]

A vuln scanner is dual-use.

john_strinlai 6 hours ago | parent | prev [-]

[dead]