Hacker News new | past | comments | ask | show | jobs | submit
bryanrasmussen | on: I built a vulnerable app and spent $1,500 seeing if LLMs could hack it
>What look like tightening "constraints" today are just setting up the upsell opportunities of tomorrow.

on the one hand agree, but on the other hand think it's reasonable in that they can then verify the person allowed to purchase access to that model is in fact a Security professional and should be allowed to do stuff like crack security.

applfanboysbgon | parent | next
So, supposing it's true that these models completely change the security field and humans are ~obsolete other than as pilots guiding them what to crack, you think it's reasonable that Anthropic and OpenAI should unilaterally determine who gets to be a security professional? I hope you do understand that is what you are suggesting.
fc417fc802 | root | parent | next
Why should anyone get to determine that? Do people really want us to move to an exclusionary guild system? I thought the experience with proprietary versus open source over the past 30 years had driven home the point that closed ecosystems are almost always far worse for security.
lazide | root | parent
Additionally, even if there is a guild - no guild ever let a vendor pick and choose what their capabilities were, that would be insanely dumb.
loading story #48398175
Forgeties79 | root | parent | next
Not to mention how wild it is to operate under the assumption that they won’t give a license to an LLM that can do illegal actions to someone who shouldn’t have it. Offering it at all is an ethically dicey question.
lazide | root | parent
Lol, how is any of this illegal?

Illegal or not requires context that an LLM can not ever have, like if it is owned by the user, if there is permission, etc.

bryanrasmussen | root | parent
I wish you understood that there are organizations of security professions that are not controlled by Anthropic and OpenAI and that it is a common thing that when companies of any type sell to professionals of any type it is not the companies that determine whether or not the people they sell to are professionals but membership in professional organizations.

As an example the people who sell police uniforms check that the person they are selling to is in fact a policeman (at least in the jurisdictions I have lived in, you may have had a different experience which would certainly explain what to me seems a farcical misapprehension of how modern civilization works)

I mean I just wish you understood, and really that everyone understood, that this kind of three part communication (company selling, buyer, professional organization certifying buyer) is often when buying things that are considered to have security implications.

>So, supposing it's true that these models completely change the security field and humans are ~obsolete

OK, well that strike me as a really crazy level of supposition there.

I would suppose that these models make it easier for people who want to do bad things to do bad things at scale, at the same time allowing people who want to stop bad things to help identify potential targets.

Based on my supposition I would want to stop the first and find a way of helping the second. Also because I have another supposition that the first thing is easier to do than the second.

But you obviously feel differently about this issue, no doubt because of your position of great moral stature and insight, and this no doubt prompts you to wish to me to understand things that from my position seem absolutely ludicrous.

| root | parent
{"deleted":true,"id":48395841,"parent":48395191,"time":1780561973,"type":"comment"}
bandrami | parent
Like Medeco claims to do with key blanks? I'm not hopeful.