MrMax retweetledi
For people tweeting "cyber security is dead", are u ok? You think when everyone and everything is about to get hacked and the need for security goes through the roof, you think it's "dead" or "solved"? Bruh
what it highlights is that security has always been underresourced, not over. Sure your grandma became as good as a professional attacker by simply promoting an llm and that's, granted a scary base entry. What you might not realize is the real determined researcher type attackers just got 1000x more powerful than before. You no longer need to be 20 cracked researchers to zero click RCE an iPhone, you can be one of those guys who is great at one component to be able to build a full chain yourselves. What the mainstream realm seems to not realize is the people who were in the trenches finding the vulns we always knew where there driving these bots will find more mind boggling and complex vulns than your avg hacker. Always been true, will remain true. Look at Poetic, it used particular architrcute bn different LLMs with awesome scaffolding to get Gemini to be 3x better at ARCAGI2.
Hacking is not going anywhere. Hackers gonna hack. We gonna hack everything including the Mythos Preview, and other huge ais.
Another important thing to raise, esp for ppl who don't spend their time looking for complex bugs in hyper secure software is, different hackers have always found very very different vulnerabilities. In bug bounty, youd often have situations where after the most talented hackers hacked a program, and being open for years, some completely new guy no one has heard of will show up and RCE the program a million ways. And this happens daily. Sometimes it's because that person knows something the rest of the world doesn't, a quirk they figured how to exploit, perhaps a behavior or a zero day (which bounty programs don't often accept), but oftentimes it has nothing to do with that other than how different that person thinks and approaches problems. Their unique life experience.
People who have hacked for decade+ like me KNOW to the core of their heart vulnerabilities have ALWAYS been there in large numbers, and in large variety in every set of "secure" software known to man. We've always known it's a matter of time until we break any target, and picking from this buffet of targets to optimize for our time's ROI... Not bc we didn't think they aren't there, or that "15 year old code" would never be vulnerable. 15-20 year old code is exploited daily by hackers, just look at the Linux kernel or windows. It is not a metric of "impressive" - Bc what there always was is unique skills and minds, but not enough time to deploy said x thing into the world in mass, the illusion of being secure has existed. And tbh often pentests and red teams rarely needed new techniques or zero days.
These guys who were hacking with their own quirks, who can show up to mature programs and RCE it a new different way will use the same AI you use to find bugs but find radically different vulns than anything you will find. And there is nothing you can do about it other than cry to your bot. Remember there isn't a finite number of vulns to be found. The chances are there are infinite attack vectors, no I am not exaggerating or using hyperbolic words, it's what I truly believe after hacking for a while. So yes it isn't "solved" by any means, it means you will find ur simple "Claude find me vulns" bugs, and then someone will find something you couldn't even conceptualize, and after all that a bug bounty hunter (or their specialized agent) will show up and still hack you.
The need for cyber security innovation (not just bug finding) just went through the roof, not less. Time will show I am right that even after Mythos runs on ur code 20 times, you will be surprised you still got hacked. Someone who thinks hacking away or is just going through a list of checklist of known vulns has never met a hacker. And it shows!
English
