this post was submitted on 20 Jun 2026
139 points (98.6% liked)

Technology

85571 readers
3686 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
139
Low-skilled attacker used Claude, Codex to breach 14 companies (www.helpnetsecurity.com)
submitted 7 hours ago by sanitation@lemmy.today to c/technology@lemmy.world
32 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] janus2@lemmy.zip 82 points 7 hours ago (4 children)

script kiddies wrecking corporate security is funny
prompt kiddies doing it is just depressing

[–] A_norny_mousse@piefed.zip 9 points 2 hours ago

And no-skilled attackers can buy exploits.

Claude helping is insignificant to the story.

The real headline should be:

At least 14 companies' IT security is practically non-existent

[–] LiveLM@lemmy.zip 43 points 6 hours ago* (last edited 6 hours ago) (1 children)

Didn't think I'd ever side with no script kiddie but at this point fuck it.
If your company can't be bothered to do the bare minimum in security then yeah I hope the least skilled hacker ever comes along and wrecks it.

[–] adespoton@lemmy.ca 19 points 6 hours ago (1 children)

Thing is, with the latest frontier models, the least skilled person can find a crack in the most secure company around, as long as they can string a few sentences together.

It isn’t about “bare minimum” anymore. All it takes is a single lapse in vigilance from a single employee, and they’re in… and the LLM doesn’t have to pause to figure out what to do next.

[–] Damage@feddit.it 9 points 3 hours ago (2 children)

Pentesters have access to LLMs too

[–] Mika@piefed.ca 2 points 1 hour ago

some hacker unleashes malicious AIs to the internet, breaking it apart cause AI keeps finding vulnerabilities in everything and break things faster than humans can fix

corporates build corporate internet and the blackwall, which is AI to fight malicious AIs

Gooooood morning Night City!

[–] ByteJunk@lemmy.world 3 points 3 hours ago* (last edited 3 hours ago)

Yeah, but an LLM's arms race isn't "doing the bare minimum in security", which is what the poster before was saying.

This is a genuine concern, where whoever has access to the best/most recent/most expensive models can unleash chaos - I'm talking state-sponsored attacks, mega-corp espionage, bored billionaires,...

[–] pennomi@lemmy.world 10 points 7 hours ago (1 children)

Only for a year or so. Any company still vulnerable after these tools have been out long enough deserve it.

[–] beveradb@sh.itjust.works 8 points 5 hours ago (2 children)

Most people on lemmy seem to condemn use of LLMs in any way for anything, I wonder what those folks opinion of this stance is - should companies use the tools or not?

[–] village604@adultswim.fan 8 points 4 hours ago (2 children)

Cybersecurity is actually one of the few fields that can benefit from AI. There are companies like Horizon3 who are using it alongside their other threat models to do continuous pen testing.

[–] Duke_Nukem_1990@feddit.org 1 points 1 hour ago (1 children)

Gonna take a guess here that what is used in cybersecurity is not LLMs but one of the more useful machine learning applications. Just a nitpick cause today "ai" and "LLM" are sadly synonymous.

[–] boonhet@sopuli.xyz 1 points 16 minutes ago (1 children)

No, LLMs can definitely be useful for cyber too. It's the whole reason the US government banned Claude Fable for export.

An LLM can not just try existing exploits like a script kiddy, but with iteration it can try variations and if you know what runs on the server, inspect the source for potential exploits.

They can also look at your setup and say what issues they see (reverse proxy config, etc).

Doesn't replace an expert, but can be useful for a first pass before you get the highly paid people involved.

[–] Duke_Nukem_1990@feddit.org 1 points 14 minutes ago

You know what, fair enough. I don't know enough about that particular one.

[–] Chronographs@lemmy.zip 6 points 4 hours ago (1 children)

Yeah imo the one thing ai is legitimately useful for is finding answers to difficult problems that can be trivially verified as correct.

[–] MalReynolds@slrpnk.net 1 points 2 hours ago

In this case hallucinations actually help...

[–] DeadDigger@lemmy.zip 1 points 4 hours ago (1 children)

Well the problem is that for example curl got flooded with generated security reports where only 5% had some true security potential. So your llm will basically flood you with false positives

[–] ByteJunk@lemmy.world 3 points 3 hours ago (1 children)

If 5% of the reports are genuine security vulnerabilities that they wouldn't have found otherwise, that's looking like a big win to me, not sure how you see it differently.

[–] frongt@lemmy.zip 1 points 2 hours ago (1 children)

The problem is identifying which 5%. Nobody wants to filter that much AI slop.

[–] AwesomeLowlander@sh.itjust.works 3 points 2 hours ago

If you're working for a company's cybersec, that's your job. And a much preferable one to waiting for an attacker to do it for you.

[–] minorkeys@sh.itjust.works 1 points 4 hours ago

Only if you're stuck in the past.