惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

N
Netflix TechBlog - Medium
罗磊的独立博客
H
Help Net Security
I
Intezer
G
Google Developers Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
T
Troy Hunt's Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
U
Unit 42
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
N
News and Events Feed by Topic
J
Java Code Geeks
S
Security Affairs
T
The Blog of Author Tim Ferriss
Recent Commits to openclaw:main
Recent Commits to openclaw:main
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
D
Docker
The GitHub Blog
The GitHub Blog
F
Full Disclosure
N
News and Events Feed by Topic
Webroot Blog
Webroot Blog
S
Security @ Cisco Blogs
腾讯CDC
人人都是产品经理
人人都是产品经理
M
MIT News - Artificial intelligence
Blog — PlanetScale
Blog — PlanetScale
T
Threatpost
D
DataBreaches.Net
Recent Announcements
Recent Announcements
博客园 - 三生石上(FineUI控件)
MongoDB | Blog
MongoDB | Blog
博客园 - 【当耐特】
L
LINUX DO - 最新话题
Google Online Security Blog
Google Online Security Blog
S
Schneier on Security
S
Securelist
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Help Net Security
Help Net Security
P
Proofpoint News Feed
Project Zero
Project Zero
S
SegmentFault 最新的问题
H
Hackread – Cybersecurity News, Data Breaches, AI and More
MyScale Blog
MyScale Blog
Google DeepMind News
Google DeepMind News
宝玉的分享
宝玉的分享
Y
Y Combinator Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
博客园 - 叶小钗

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
AI Is the Best Thing to Happen to Security
"Chandrapal Badshah" · 2026-06-28 · via Hacker News - Newest: "AI"

LLMs have been around for a while now. When Anthropic released a statement that nation state attackers are using Claude for attacks, I read it with a lot of skepticism.

Back then, I had to beg models to invoke tools the right way. Passing a valid input to achieve function calling tool calling was painful. I couldn’t see how attackers were getting any real value out of these models let alone “autonomously” hacking the world.

But over the last six months, something changed. Tool calling became a solved problem for larger models. Models started producing structured output reliably. And AI labs are pushing the same thinking and tool calling capabilities down to smaller models that can run on your laptop.

That shift was massive for truly autonomous agents in offensive side. Agents can reliably use tools, edit raw HTTP requests, follow source to sink, read outputs, store memory and decide what actions to be taken. The reliability had massive improvements over non-determinism.

The monkey with a button

Let’s slightly deviate and do a thought experiment.

Do you think a monkey can hack websites?

A decade ago, give a monkey a button. Every time the monkey presses it, SQLmap runs against random targets on internet. The monkey could hack into many vulnerable targets, thanks to the tool.

Monkey with a button

However, the bottleneck was the tool. SQLmap follows a fixed set of checks. Throw in some custom logic - endpoints behind authentication, multiple user roles, heavy JavaScript - and the tool misses it. The monkey keeps pressing the button but nothing happens even if there’s a valid second order SQL injection in the application.

Now replace SQLmap with an AI harness (OpenCode, Codex, etc).

The harness reads the response from the target and the underlying LLM models adapts the course of action. It switches tools. If SQLmap doesn’t work, it tries something else. If it finds there are API endpoints to create users with different roles, it executes curl commands to create them. It chains multiple tools together based on what it sees. The AI doesn’t replace tools like SQLmap - it orchestrates them on the fly.

Yes, AI agents are non-deterministic. Same target, different results each time. Some runs find real issues, some produce garbage. But hit or miss is still better than 100% miss. Over enough button presses, the monkey with the harness finds more vulnerabilities than SQLmap ever could.

The ceiling of what the button could do went up.

Guardrails are a feature, not a guarantee

You might be thinking - don’t these popular LLM models have safety guardrails? Won’t these models just reject your request if you tell “Hack this domain”.

They do reject. Claude refuses harmful requests. So does GPT models and others. Jailbreaking is a cat-and-mouse game that labs keep patching.

But that’s only half the picture.

Capable open-weight models like DeepSeek and GLM can be self hosted. And tools like heretic permanently strip safety and censorship from model weights.

We can use these uncensored open weight models and just make it attack sites without wasting time on convincing that the agent is authorized to attack or you’re the CISO of that target company. The closed weight models might be better than open weight alternatives, but uncensored self hostable models are going to achieve the goal.

Code is cheap

Then there’s the other side of the equation. The stuff being attacked. The stuff that pays security industry to “secure.” The code itself.

When creating code is cheap, a lot gets created at a much faster pace. More APIs. More endpoints. More infrastructure. More attack surface.

It’s not just volume that increases but also the complexity. AI helps teams ship faster, but faster doesn’t mean simpler. Teams pick frameworks and stacks based on LLM recommendations. Especially when you’re learning how to code. Teams with less coding experience ship production systems using AI assistance - changing the underlying threat model without even realizing it. New tech gets adopted, existing systems get entangled, and assumptions pile up.

More surface. More programming languages. More dependencies. More shadow IT. More complexity. More things that can go wrong.

Defenders have the same tools. Not the same game.

Defenders can use AI tools to attack and secure their codebases.

AI-powered SAST, anomaly detection, automated triage, AI code review. Or just run Claude Code in a loop while also providing tooling to determine if a detected issue is actually exploitable or just missing best practice that doesn’t apply to our usecase.

But there are two asymmetries that make this game fundamentally unfair.

Asymmetry #1: attackers aim wins, defenders aim to prevent losses.

An attacker finds at least one hole to get in. A defender has to cover almost every possible hole to reduce the changes of getting compromised. AI helps defenders cover more but the attack surface is growing faster than coverage can scale. Bring in an open source tool that helps other AI tools perform well, now it’s part of attack surface. You’ll have to manage the CVEs, authz/authn, storage, etc for that tool.

Then there’s consequences angle. If an AI-powered WAF blocks legitimate traffic, the company loses money. If an AI-powered SOC auto-closes a real alert as a false positive, you might get breached. Attackers don’t have this problem. If an attack using LLM fails, they just retry or move on to a different target. The monkey just presses the button again.

Asymmetry #2: offense is technical, defense is political and organizational.

Amazing quote from Halver Flake’s BlackHat keynote.

An attacker uses AI to attack sites, gets the binary result - pwned or not. Simple. If pwned, continue further and exploit. If not pwned, retry or give up or pivot.

On the defender’s side, finding bugs using AI tools is just one part. Detected security issues with no action items is just visibility. To get them fixed - convince the VP of Engineering to prioritize the fix, negotiate maintenance/patch window with ops, create process docs and document these findings for compliance.

The bottleneck on defense was never just technical. Was never just finding bugs.

AI is the best thing to happen to security domain

Now, here’s what I’m thinking.

AI helps attackers find more with less skill. AI helps developers ship more code faster. Both directly increase what defenders need to protect against. Defenders have AI too, but unlike attackers, they need it to be reliable, accountable, and organizationally approved. That gap continues to exist.

That imbalance leads to more breaches (or at least attempts of breaches). More breaches eventually force stricter regulations, bigger security budgets, and more demand for security products and people. Companies that ignored security for years will no longer have that luxury.

I can’t think of any other innovation that could have an impact on security domain like AI does.

It increases money that flows into security domain, but will it increase the pay to seasoned individuals defending organizations. I don’t know. Time will tell.