TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

50% Positive

Analyzed from 1032 words in the discussion.

Trending Topics

#google#https#article#security#bugs#models#author#intelligence#company#com

Discussion (60 Comments)Read Original on HackerNews

s3p•about 2 hours ago
>But new A.I. models like Anthropic’s Mythos, which was announced last month, appear to be so good at finding such holes that Anthropic shared it only with a limited number of firms and government agencies in the United States and Britain.

Immediate distrust of the article. GPT 5.5 is out with nearly the same capability. The author might be parroting company marketing, unable to discern that a lot of this is much less complex than it seems. For all we know this group could have had a model examine some obscure line of code thousands of times until it found something.

reaperducer•about 2 hours ago
Immediate distrust of the article… The author might be parroting company marketing, unable to discern that a lot of this is much less complex than it seems.

https://www.nytimes.com/by/dustin-volz

> I am based in The Times’s Washington bureau, and much of my focus is on the dealings of U.S. cybersecurity and intelligence agencies, including the National Security Agency, Central Intelligence Agency, Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation, as well as their counterparts abroad, chiefly in China, Russia, Iran and North Korea.

> My remit spans nation-state hacking conflict, digital espionage, online influence operations, election meddling, government surveillance, malicious use of A.I. tools and other related topics.

> Before joining The Times, I worked at The Wall Street Journal, where I spent eight years covering cyber conflict and intelligence. My recent work at The Journal included a series of articles revealing a major Chinese intrusion of America’s telecommunications networks that breached the F.B.I.’s wiretap systems and has been described as one of the worst U.S. counterintelligence failures in history. I have also worked at Reuters and National Journal, where I began my career in Washington chronicling congressional efforts to reform surveillance practices at the N.S.A. in the wake of the 2013 Edward Snowden disclosures.

> My work has been internationally recognized, including by the White House Correspondents’ Association, the Gerald Loeb Awards, the Society of Publishers in Asia and the Society for Advancing Business Editing and Writing.

What have you done lately?

LudwigNagasena•about 2 hours ago
Reporting on such stuff requires networking skills, not technical knowledge.
reaperducer•about 2 hours ago
Reporting on such stuff requires networking skills, not technical knowledge.

Guess how I know you've never been a reporter.

himata4113•about 1 hour ago
nytimes reporters have recently been very disappoiting and starting to feel like they're people who managed to become relevant long time ago, but haven't kept up with recent changes and are just parroting things others have said instead of unique thoughts.
flextheruler•about 2 hours ago
https://www.logicallyfallacious.com/logicalfallacies/Appeal-...
reaperducer•about 2 hours ago
Not at all.

OP posited that the author didn't know what he's talking about. I pointed out that the author has far more knowledge and experience in the field than rando internet griefers on HN who immediately reach for "shoot the messenger" when they read something that doesn't neatly fit into their pre-conceived worldview, instead of perhaps learning things from other people.

But at least your trope acknowledges that he's an authority on the subject.

megous•about 1 hour ago
How many zeroday vulns had the article author discovered using AI assisted methods?
sowbug•about 2 hours ago
Security will be a wedge to restrict the sophistication of open-weight and local LLMs, just as it's been used to demonize and restrict cypherpunk technologies.
kshacker•about 2 hours ago
As long as it is within the country, restriction works. How do you restrict the capability from a foreign entity, especially a hostile one?
jazzyjackson•about 1 hour ago
netsplit, I guess. decide that the risk of an open network is too great and simply block all routing out of the country through the ISPs and consider the political power that goes along with a global satellite constellation under rule of a single, government-aligned corporation.
QuantumNoodle•about 1 hour ago
Okay, when fuzzing techniques came out there was a big surge in discovered and exploited bugs. AI is more general and I expect there be a similar surge. However fuzzing is cheap but compute and techniques can be "owned." The economics of AI is unless you pay for it, it is difficult to self host (expensive hardware, open source models are catching up).

State actors + hackers will have more resources to make better offense. What worse, in my experience AI produced code is blind to overall system behavior. So I fear the exploits will be either low hanging/trivial to exploit errors or bigger system level bugs.

gman2093•about 2 hours ago
Black hat hacking seems to be a well-fit use case for these LLMs. Attackers only need to be right once, so the sometimes-wrongness of the attacks might be trivial. This probably devalues stashes of zero-day exploits for those that have been witholding them.
bouncycastle•about 1 hour ago
Meanwhile, I cannot ask ChatGTP how to pick my own lock. Even though this information is available in a book in the library.
atrocities•about 2 hours ago
Can we link to the actual google article, instead of these editorialized articles about the article?

https://cloud.google.com/blog/topics/threat-intelligence/ai-...

skeledrew•about 1 hour ago
Wild that they think restricting access to models will help much. Access to Chinese models will definitely not be restricted and have enough capability to find exploits as well.
xnx•about 1 hour ago
Dupe: https://news.ycombinator.com/item?id=48096712
skeledrew•about 1 hour ago
This is 3 hours earlier than what you're sharing.
xnx•2 minutes ago
Not sure how article merging goes, but this one shows up as 4 hours later to me.
CrzyLngPwd•about 2 hours ago
People used LLMs to find flaws in Google software.
amelius•about 2 hours ago
But did they use Gemini?
Andrex•about 1 hour ago
> the company added that it did not believe it was its own Gemini chatbot.

-TFA

freedomben•about 1 hour ago
I don't know, but given how often Gemini refuses benign requests IME, I would suspect it's a complete non-starter for finding security holes.
skywhopper•about 1 hour ago
Drives me nuts that the NYT just uncritically cites Anthropic’s unverified claims of “thousands of zero-days” without a hint of skepticism.
SecretDreams•about 2 hours ago
If "bad guy AI" can find flaws, can "good guy AI" patch them faster when backed by trillion dollar companies?
boothby•about 2 hours ago
Do your AI patches introduce fewer flaws than they repair?
j2kun•about 2 hours ago
The bottleneck is probably validating and deploying the fix, which requires coordination.
cyanydeez•about 2 hours ago
If I sell weapons to both sides of a conflict, can I become rich?
mindcrime•about 1 hour ago
No. To become really rich you have to draw a 3rd player into the conflict, and then sell weapons to them as well.
SecretDreams•about 2 hours ago
Ask anyone selling AI hardware recently!
Advertisement
0xWTF•about 2 hours ago
Wait until the bio version of this shows up.
4128-1228•about 2 hours ago
The Google Threat Intelligence Group wants to increase its relevance and casually point out the it was not Mythos which found the exploit!

Security "researchers" are overpaid buffoons who hype things for their own salaries and their companies. And the stenographers from the press dutifully copy everything.

This is a despicable game to fool politicians into giving money and favorable AI legislation.

Strangely enough these buffoons never offer their models to open source developers. It is always a select group of highly paid other buffoons that throws some very occasional results over the wall.

ppqqrr•about 2 hours ago
...says yet another company hell bent on integrating it into every facet of our lives. This reads like a celebration, if you ask me.
wnc3141•about 2 hours ago
But in exchange we get to also waste vast energy and carbon while depleting job prospects for just about any college grad.
andrepd•about 2 hours ago
It's not all bad though. We also managed to turn the Information Superhighway of the 1990s into the Slop Wasteland of the 2020s.
simmerup•about 2 hours ago
Can google please use AI to find bugs then?

Software is in such a state now, Gmail is full of bugs around sharing attachments to the position that I have to tell my dad to turn his phone off and on again in order to attach a document

j2kun•about 2 hours ago
https://secgemini.google/

https://projectzero.google/2024/10/from-naptime-to-big-sleep...

https://deepmind.google/blog/introducing-codemender-an-ai-ag...

JCTheDenthog•about 2 hours ago
Those are all for security vulnerabilities, OP is talking about bugs with functionality.
andrepd•about 2 hours ago
It's probably the AI overuse introducing many of those bugs in the first place...