"AI is giving attackers a huge advantage!"
-
@rootwyrm @cR0w @jackryder God dammit. This is the worst fucking timeline.
-
@cR0w @jackryder Asbestos in brake pads and lead in paint did improve the product though. If they weren't so horrific to human health, we would still be using them. Conversely, I've yet to see an instance where AI has actually improved anything. At best it lets people who are mediocre at their jobs output a higher quantity of mediocre work.
I'm extremely good at what I do - belonging to that mythical home computer generation that started programming in ASM and never stopped learning how _everything_ works. To no one's surprise I'm thus working in cybersec today, partly as an ethical hacker focusing on hw/fw exploits at the really tricky low level stuff.
A few days ago I tested, for fun, having Mistral AI's Devstral-2 model do an analysis of a firmware dump of an eMMC I had just extracted from a fully proprietary ARM-based IoT device.
In a minute or so it had made the same conclusions as I would myself, nicely documented, on not just standard partitions and what they contained but also the fully custom stuff with no standard markers at all - including making "educated guesses" at the likely boundaries between headers and data, and what the data could be based on number of bits/bytes and entropy.
The question is whether you will now consider me to be mediocre.
-
@troed @cR0w @jackryder No, you're looking for a fight.
What's that thing Socrates said? "I may be the smartest man alive because I know I don't know anything at all" Be humble bro.
-
@Mustardfacial @cR0w @jackryder as a subscriber to multiversal theory, I sometimes joke:
Three dimensions over, scientists are debating whether it was ethically right to kill Hitler in the cradle.
Two dimensions over has a supersoldier that punches Nazis into other dimensions.
One dimension over, scientists are debating the ethics of exiling young Hitler to another dimension.
And over here we're going 'where the fuck are all these Hitlers coming from!?'
-
I think the problem is with the "criti-hypes"* who believe they know better than everybody else (those "mediocres" of the world).
*) from https://pluralistic.net/2026/03/12/normal-technology/#bubble-exceptionalism
-
"AI is giving attackers a huge advantage!"
"Yes, it is. It's amazing how quickly it has destroyed dev, sec, ops, management, company missions and priorities, regulations, information literacy, and civil society, making everyone more vulnerable."
@cR0w And even Western gov's are taking decisions using AI-powered chatbots that got trained with data up to the 90's it seems.
-
@troed @Mustardfacial @jackryder Damn, I already blocked that domain.
-
@cR0w 2026 Cybersecurity Priority List (according to LinkedIn)
AI
AI for Security
AI Security for AI
Agentic SOC
AI-SPM
CNAPP
CWPP
CSPM
CIEM
KSPM
DSPM
ASPM
.
.
.
Patch your shit
The fucking basics
-
@badsamurai Is asset inventory covered in "the fucking basics" or is it further down?
-
@cR0w I almost added but I think I blacked out
-
@badsamurai @cR0w It's absolutely mind-numbing to me, the orgs I encounter who don't have a god damn asset inventory.
-
@cR0w @badsamurai Asset inventory is covered in "the fucking basics" for system administration, let alone cybersecurity.
-
@scottwilson @badsamurai @cR0w I'll add another caveat: It's mind-numbing the number of orgs that want a pentest but don't have an inventory.
-
@Mustardfacial @badsamurai Right but I was curious on the LinkedIn take on it.
-
@Mustardfacial @cR0w right. Forget security - how do orgs even do change management without a CMDB (which is unarguably smaller and more targeted than "asset").
-
@cR0w The new insider threat
