Загрузка видео...

Не удалось загрузить видео

На главную

someone at ANTHROPIC just showed CLAUDE finding ZERO DAY vulnerabilities in a live conference demo claude has found zero day in Ghost, 50,000 stars on github, never had a critical security vulnerability in its entire, history... it found the blind SQL injection in 90 minutes, stole the admin api...

1,903,414 просмотров • 3 месяцев назад •via X (Twitter)

Комментарии: 0

Нет доступных комментариев

Здесь появятся комментарии из оригинального поста

Похожие видео

someone built an AI RED TEAM that maps your entire attack surface as a knowledge graph, finds every vulnerability, then EXPLOITS them to root access AUTONOMOUSLY its called RedAmon, 9,000 templates. 17 node types, actual Metasploit shells, not reports, no pentesters needed 6 phases of autonomous recon: subdomain discovery, port scanning, http probing, resource enumeration, vulnerability scanning, MITRE mapping every finding stored in a Neo4j graph with 17 node types and 20+ relationship types. the AI reasons about the graph, finds attack paths, and runs actual Metasploit exploits, actual shells stress-tested with zero vulnerability data, zero exploit modules, one instruction find a CVE and exploit it, it went from empty database to root-level RCE in 20 steps, researched the exploit on the web, crafted a custom deserialization payload, debugged itself when the first attempt failed next try, the server responded with root access, the highest privilege level on any Linux system. full control over everything the target was running node-serialize 0.0.4, a package with a critical deserialization flaw (CVE-2017-5941, CVSS 9.8), the server takes your cookie, decodes it, and passes it straight into unserialize() which executes any code inside it, the AI figured this out on its own with no hints built on LangGraph + MCP tool servers for naabu, nuclei, curl, metasploit. hunts leaked secrets across GitHub repos, 40+ regex patterns for AWS keys, Stripe tokens, database creds

chiefofautism

69,930 просмотров • 4 месяцев назад

An OpenAI researcher sat down next to me at a coffee shop in Mission District I had my terminal open. Three panels. Live trades scrolling. He was reading something on his laptop. Glanced over. Stopped reading. "That's not a dashboard. That's a live scoring engine. What model is running that" I told him. Claude Code. Four repos. $25 a month. He closed his laptop. "I work at OpenAI. We benchmarked Claude internally last month. You're using it to trade prediction markets?" I opened one link. 86 million trades. Every wallet. Every entry. Every exit. The entire Polymarket history since day one. "This is public? We quoted a seven-figure budget to reconstruct this kind of dataset from on-chain data. The project is still in review" I told him Claude Code connects directly. It reads the whole dataset. Finds the wallets that win. Then finds WHY they win. Then copies the pattern. He pulled his chair closer. "Walk me through the exit logic" Top wallets exit before resolution 91% of the time. They capture 86% of the move and cut losers at 12%. Everyone else holds to 58%. Same entries. Completely different exits. My bot cuts at 85% of expected move. Or on a 3x volume spike. Whichever hits first. "Who gave you that threshold" Claude Code found it in poly_data. In about 20 minutes. "We had a team of nine working on this exact problem for six months. They never shipped it. You did it in a weekend with a competitor's model" I opened another link. Three commands. 500+ markets. No API key. Claude scores them in 20 minutes. "That's our internal eval pipeline. Except it took us six months and you built it on a Saturday" My setup: Claude API - $20/mo VPS - $5/mo poly_data - free polymarket-cli - free 19 days. 4 agents. 74% win rate. +$9,400. Copytrade here: I showed him the article where I broke down every repo, every command, every dollar. He read it for five minutes. Then looked up. "You just published what we presented to Sam last quarter. Using the other team's model" He texted me the next morning. "My director found your thread. Take it down" Too late.

Lunar

159,625 просмотров • 2 месяцев назад

🚨APPLE SPENT 5 YEARS AND BILLIONS OF DOLLARS BUILDING THE MOST ADVANCED SECURITY SYSTEM IN CONSUMER HISTORY.. AN AI BROKE IT IN 5 DAYS.. Here’s what just happened.. Apple built something called Memory Integrity Enforcement for its new M5 chips.. It’s a hardware-level security system that attaches secret cryptographic tags to every piece of memory.. If a hacker tries to access memory they shouldn’t.. The chip blocks it instantly.. Every known exploit chain against iOS and macOS was rendered obsolete overnight.. Apple said so themselves.. Then a small team at a cybersecurity firm called Calif used Anthropic’s unreleased Claude Mythos Preview to find vulnerabilities in the macOS kernel.. The AI found the bugs almost instantly.. Because once it learned the pattern of a specific type of flaw.. It could recognize every other flaw in that same class across the entire codebase.. What used to take elite security teams months.. The AI did in hours.. Within 5 days.. The team had a fully working exploit that escalated a basic user account to full root access on an M5 Mac running the latest macOS.. With MIE fully enabled.. The billion-dollar hardware defense running at full strength.. The trick.. They didn’t fight the hardware.. They went around it.. MIE is designed to catch memory corruption.. Hackers trying to overwrite pointers or inject code.. The team used a “data-only” approach instead.. They manipulated legitimate data structures the hardware was never designed to monitor.. Like changing an internal flag from “standard user” to “admin”.. The chip saw a perfectly normal operation.. The operating system obeyed.. And the attacker had total control.. The hardware thought everything was fine.. Because technically it was.. The exploit never triggered a single tag mismatch.. They walked into Apple Park and hand-delivered a 55-page report.. Apple patched it in macOS 26.5.. And for the first time ever.. Apple’s official security advisory credited the vulnerability discovery to “Calif dot io in collaboration with Claude and Anthropic Research”.. An AI is now credited in Apple’s CVE patches.. But here’s what makes this story truly terrifying.. Before MIE existed.. An exploit kit called DarkSword was hitting iPhones with zero-click attacks.. Six vulnerabilities chained together.. Total device control just from visiting a webpage.. Deployed by Russian espionage groups, Turkish surveillance vendors, and actors in Saudi Arabia.. Then it got leaked on GitHub.. Nation-state capabilities.. Free for anyone.. MIE was supposed to make all of that impossible.. And an AI found a way around it in 5 days.. The previous model.. Claude Opus 4.6.. Found 22 security bugs in the Firefox codebase.. Claude Mythos Preview found 271 in the same environment.. A tenfold increase.. Linux kernel CVEs jumped from 300 per year to over 5,500.. Largely driven by AI-powered vulnerability research.. The IMF designated Claude Mythos as a systemic financial stability risk.. Because if an AI finds a flaw in software used by every major bank simultaneously.. It could trigger a cascading financial crisis.. Anthropic knew this was coming.. That’s why they didn’t release the model publicly.. Instead they launched Project Glasswing.. Giving defensive access to AWS, Apple, Google, Microsoft, Nvidia, CrowdStrike, JPMorgan, and others.. $100 million in usage credits.. So defenders can scan their own systems before attackers get this capability.. The Pentagon blacklisted Anthropic over autonomous weapons.. Then quietly started using Mythos to harden government systems anyway.. The cybersecurity arms race just changed permanently.. Hardware can’t save you.. Software can’t save you.. The only defense against an AI that finds vulnerabilities is another AI that finds them first.. Five years and billions of dollars.. Five days and one AI.

Evan Luthra

91,085 просмотров • 1 месяц назад

Anthropic just released a talk on building headless automation with Claude Code. Presented by Sid Bidasaria, Member of Technical Staff at Anthropic live at Code with Claude on May 22, 2025 in San Francisco. Here is what the talk covers. Headless mode lets you run Claude Code without a person actively typing prompts from inside an automated script. Instead of a live session, a script calls Claude with a pre-written instruction using the -p flag. This opens the door for Claude Code to become a piece of a much larger, automated process. In plain terms: Claude Code stops being a tool you use and starts being a service that runs on its own. What this unlocks: Scheduled tasks: Run Claude Code on a cron schedule without anyone at a keyboard. Fix linting errors across an entire codebase. Automatically. Overnight. CI/CD integration: Trigger Claude Code as a step in your build process. Open a PR. Claude reviews it, flags issues, and pushes fixes before a human ever looks at it. GitHub automation: A project manager comments "Claude fix this" on a GitHub issue. Claude reads the request, finds the code, writes the fix, and opens the PR. Multi-machine workflows: One orchestrator dispatches tasks to multiple Claude Code instances running in parallel across different repos simultaneously. When you combine headless mode, hooks, and GitHub Actions, development teams can automate tasks that usually eat up significant time freeing senior engineers to focus on architectural problems while Claude handles the repetitive ones. If you use Claude Code for anything beyond single sessions this talk is worth 20 minutes of your time.

Elias

14,028 просмотров • 1 месяц назад