I wonder how these offensive AI agents are being built? I am guessing with off the shelf open LLMs, finetuned to remove safety training, with the agentic loop thrown in.

Does anyone know for sure?

▲

simonw 7 hours ago | parent [-]

Honestly you can point regular Claude Code or Codex CLI at a web app and tell it to start a penetration test and get surprisingly good results from their default configurations.

	▲	VadimPR 6 hours ago \| parent [-]
		I didn't think of that given how censored the models are becoming. Thanks for the idea! I'll try it against my websites before anyone else gets to it.