nobody confident in their own abilities is panicking
-
nobody confident in their own abilities is panicking
Infosec community panics over Anthropic Claude Code Security
ai-pocalypse: Not the first of its kind
(www.theregister.com)
the people who are panicking are signaling.
moreover, nobody who has ever tried to use any llm to do code stuff for hours/days/weeks at a time is panicking either.
even people who are deep experts in what they do, who use llms to do stuff day to day, have to put a brick in a tube sock, put that in another tube sock, and swing it hard to bash the llm in the face over and over again to get it to behave and obey. and often that workout takes as much time as not using an llm.
everyone shitting their pants is signaling.
-
moreover, nobody who has ever tried to use any llm to do code stuff for hours/days/weeks at a time is panicking either.
even people who are deep experts in what they do, who use llms to do stuff day to day, have to put a brick in a tube sock, put that in another tube sock, and swing it hard to bash the llm in the face over and over again to get it to behave and obey. and often that workout takes as much time as not using an llm.
everyone shitting their pants is signaling.
fucking good.
"security as we know it" is pay to play, zero boundaries, fraught with grifters, liars and cheats, shitloads of friendly-fire, people buying cert bootcamps to get people fake creditiblity, overdependence on shit like the cissp, people with zero computer experience directing whole armies of super technical folkslet it end.
it desperately needs a reboot.
-
fucking good.
"security as we know it" is pay to play, zero boundaries, fraught with grifters, liars and cheats, shitloads of friendly-fire, people buying cert bootcamps to get people fake creditiblity, overdependence on shit like the cissp, people with zero computer experience directing whole armies of super technical folkslet it end.
it desperately needs a reboot.if youve ever been burned because some asshole in HR shitcanned your resume because "you didnt go to the right college" or you couldnt score a gig because "you refused to get a cissp", or if youve ever ragequit a job because you were just "the token security person who was only there to fulfill a checkbox, and nobody listened to you and you felt like your job didnt matter" then you should want it to burn down too
-
nobody confident in their own abilities is panicking
Infosec community panics over Anthropic Claude Code Security
ai-pocalypse: Not the first of its kind
(www.theregister.com)
the people who are panicking are signaling.
@Viss@mastodon.social "LLMs are fantastic for security and have a great opportunity to actually make a dent in the coming wave of software vulnerabilities[...]"
Yeah... No.
We will believe it when we see it happen. -
if youve ever been burned because some asshole in HR shitcanned your resume because "you didnt go to the right college" or you couldnt score a gig because "you refused to get a cissp", or if youve ever ragequit a job because you were just "the token security person who was only there to fulfill a checkbox, and nobody listened to you and you felt like your job didnt matter" then you should want it to burn down too
@Viss Here is where you should be concerned though, the idiots in charge who do not understand how LLM's work, or how well they work, or, more to the point, don't work.
It's all been a sales campaign to sell the notion that they don't need people. Just replace them with an AI.
It's gonna take some time before the gen pop has the large enough fails from doing so, that they will wake the fuck up.
-
nobody confident in their own abilities is panicking
Infosec community panics over Anthropic Claude Code Security
ai-pocalypse: Not the first of its kind
(www.theregister.com)
the people who are panicking are signaling.
@Viss Panic is too strong. I am concerned about the folks who donโt understand any of these security products, who have never tried to use a LLM to do anything beyond chat prompts, but nonetheless have some decision making power that can affect enterprise information security, listening to any of this stuff and making decisions.
-
fucking good.
"security as we know it" is pay to play, zero boundaries, fraught with grifters, liars and cheats, shitloads of friendly-fire, people buying cert bootcamps to get people fake creditiblity, overdependence on shit like the cissp, people with zero computer experience directing whole armies of super technical folkslet it end.
it desperately needs a reboot.@Viss normally - I'm all for a session of "Let's watch Kurtz & company squirm" because of their shitty past behaviour and righteous clusterfucks they've overseen at McAfee and Crowdstrike.
However - even as jaded as I am with regards to these folks - even I don't think that they earned or deserved that flak.
Just another indication that people who have no knowledge about the infosec or AI industry are investing billions of dollars into something they don't understand and are just as apt to yank funding because of panic.
And it's going to get worse as the AI bubble pops - and it will.
Sad part is - it was never the folks at the top who suffered when the dot com bubble or the sub prime mortgage bubble burst - all the execs seemed to have hand crafted artisanal golden parachutes ready made for when excrement met fan.
No - it's the little folks who ended up paying for it - in terms of their savings or 401K or what have you getting decimated as congress shuffled funds to subsidize these "too big to fail" entities that did just that.
And that's what will happen again with all this AI hype - albeit at a larger scale this time, and it's going to be the little folks footing the bill for the techbro enabled hubris that has brought us to the brink yet again.
-
@Viss normally - I'm all for a session of "Let's watch Kurtz & company squirm" because of their shitty past behaviour and righteous clusterfucks they've overseen at McAfee and Crowdstrike.
However - even as jaded as I am with regards to these folks - even I don't think that they earned or deserved that flak.
Just another indication that people who have no knowledge about the infosec or AI industry are investing billions of dollars into something they don't understand and are just as apt to yank funding because of panic.
And it's going to get worse as the AI bubble pops - and it will.
Sad part is - it was never the folks at the top who suffered when the dot com bubble or the sub prime mortgage bubble burst - all the execs seemed to have hand crafted artisanal golden parachutes ready made for when excrement met fan.
No - it's the little folks who ended up paying for it - in terms of their savings or 401K or what have you getting decimated as congress shuffled funds to subsidize these "too big to fail" entities that did just that.
And that's what will happen again with all this AI hype - albeit at a larger scale this time, and it's going to be the little folks footing the bill for the techbro enabled hubris that has brought us to the brink yet again.
@cjust with any luck enough of the system will break
-
if youve ever been burned because some asshole in HR shitcanned your resume because "you didnt go to the right college" or you couldnt score a gig because "you refused to get a cissp", or if youve ever ragequit a job because you were just "the token security person who was only there to fulfill a checkbox, and nobody listened to you and you felt like your job didnt matter" then you should want it to burn down too
According to the AI developer, Claude Code Security is context-aware - as opposed to simply doing static code analysis. It "reads and reasons about your code the way a human security researcher would: understanding how components interact, tracing how data moves through your application, and catching complex vulnerabilities that rule-based tools miss," the company said.
It's really hard to tell the difference between a human and the masterful work of our friend Claude.
-
@Viss Here is where you should be concerned though, the idiots in charge who do not understand how LLM's work, or how well they work, or, more to the point, don't work.
It's all been a sales campaign to sell the notion that they don't need people. Just replace them with an AI.
It's gonna take some time before the gen pop has the large enough fails from doing so, that they will wake the fuck up.
@krypt3ia @Viss Don't you think we will experience some benefit for the sheer speed at which these systems fail?
The "dot com" bubble-burst seems annual at this stage and I don't think a lot of young people are looking at the industry with quite the same wide-eyed wonder they did in the past. We've got decades of bitter and jaded "consultant" trying to carve out a living since companies have "trimmed the fat". It's dangerous to install anything using
npmand evencurlis closing up their bounty board due to the sheer swell of AI-slop.Enshittification is a tidal wave, but at least it'll be quick? Maybe?
-
if youve ever been burned because some asshole in HR shitcanned your resume because "you didnt go to the right college" or you couldnt score a gig because "you refused to get a cissp", or if youve ever ragequit a job because you were just "the token security person who was only there to fulfill a checkbox, and nobody listened to you and you felt like your job didnt matter" then you should want it to burn down too
i've spent most of my career knowing i'd need to get my resume to the hiring manager and bypass HR if i wanted to have any chance of not getting "screened". most HR spend no more effort trying to understand position requirements than netflix spent on it's "recommended" algorithms.
LLM resume reviews will be that bad or worse. burn it all down.
-
@krypt3ia @Viss Don't you think we will experience some benefit for the sheer speed at which these systems fail?
The "dot com" bubble-burst seems annual at this stage and I don't think a lot of young people are looking at the industry with quite the same wide-eyed wonder they did in the past. We've got decades of bitter and jaded "consultant" trying to carve out a living since companies have "trimmed the fat". It's dangerous to install anything using
npmand evencurlis closing up their bounty board due to the sheer swell of AI-slop.Enshittification is a tidal wave, but at least it'll be quick? Maybe?
@jackryder @Viss Time will tell
-
nobody confident in their own abilities is panicking
Infosec community panics over Anthropic Claude Code Security
ai-pocalypse: Not the first of its kind
(www.theregister.com)
the people who are panicking are signaling.
@Viss Panic! At the Infosec?
-
@Viss Panic! At the Infosec?
@catsalad surely it would be (kernel)panic at the cisco
-
@Viss Panic! At the Infosec?
-
@jackryder @catsalad dat fallout boy doe
-
@catsalad surely it would be (kernel)panic at the cisco
-
@jackryder @catsalad dat fallout boy doe
-
Thnks fr th Xmms
-
@Viss Here is where you should be concerned though, the idiots in charge who do not understand how LLM's work, or how well they work, or, more to the point, don't work.
It's all been a sales campaign to sell the notion that they don't need people. Just replace them with an AI.
It's gonna take some time before the gen pop has the large enough fails from doing so, that they will wake the fuck up.
@krypt3ia @Viss That's my prediction: intense executive pressure is going to lead to a lot of budget being blown on vendors, and then people who're being asked to do more with less will run the risk of being scapegoated when it doesn't work as well as it did in the demo.
Not a new story in infosec but it's cranked up to 11 this timeโฆ
I chime in with a "Haven't you people ever heard of commenting your goddamn code? No..."