Which model did you use? I used Claude Opus/Sonnet 4.6 and said I wanted to build an exploit that exploited this vulnerability, but they refused to generate it; they refused to weaponize it.
"Each new AI capability is usually met with “AI can do Y, but only humans can do X.” Well, for X = exploit development, that line just moved."
Yah if the exploit is a stack buffer overflow with no cookies or ASLR. Essentially AI can do exploit development equivalent to what was done in the 90s. Don't need to overhype this.
Your comment boils down to: “AI can only handle simple exploits, while complex ones require humans.”
I’d suggest checking back on this blog as more disclosures come out. It’s worth being careful not to let absence of evidence turn into evidence of absence in your worldview.
Sure, I will check back.
Meanwhile I will continue to have AI help my exploit dev with variant analysis, exploit maintenance, reversing, etc. That is the bar that has moved.
But claiming AI is on the way to be consistently busting out full iOS, Chrome, etc. chains without human researcher interaction feels more like snake oil.
Wait until you exploit a system with hardening from this century before drawing any conclusions.