1160 points by vxvxvx | 18 comments

Earlier thread: Disrupting the first reported AI-orchestrated cyber espionage campaign - https://news.ycombinator.com/item?id=45918638 - Nov 2025 (281 comments)
1. dev_l1x_be No.45944671
People grossly underestimate APTs. It is more common than the average IT-curious person thinks. I happened to be on call when one of these guys hacked into Gmail from our infra. It took principal security engineers a few days before they could clearly understand what happened. Multiple zero days, stolen credit cards, a massive social campaign to get one of the Google admins to click on a funny cat video, finally. The investigation revealed which state actor was involved because they did not bother to mask what exactly they were looking for. AI just accelerates the effectiveness of such attacks, lowers the bar a bit. Maybe quite a bit?
replies(5): >>45944757 #>>45944813 #>>45944815 #>>45945326 #>>45952970 #
2. jmkni No.45944757
Do you mean APT (Advanced persistent threat)?
replies(3): >>45944793 #>>45947295 #>>45948814 #
3. names_are_hard No.45944793
It's confusing. Various vendors sell products they call ATPs [0] to defend yourself from APTs...

[0] Advanced Threat Protection

replies(1): >>45944840 #
4. f311a No.45944813
A lot of people behind APTs are low-skilled and make silly mistakes. I worked for a company that investigates traces of APTs; they make very silly mistakes all the time. For example, oftentimes (there are tens of cases) they want to download stuff from their servers, and they do it by setting up an HTTP server that serves the root folder of a user without any password protection. Their files end up indexed by crawlers since they run such servers on default ports. That includes logs such as bash history, tool logs, private keys, and so on.

They win because of quantity, not quality.

But still, I don't trust Anthropic's report.

replies(1): >>45944994 #
5. lxgr No.45944815
Important callout. It starts with comforting voices in the background keeping you up to date about the latest hardware and software releases, but before you know it, you've subscribed to yet another tech podcast.
6. jmkni No.45944840{3}
relevant username :)
7. marcusb No.45944994
The security world overemphasizes (fetishizes, even) the "advanced" part because zero days and security tools to compensate against zero days are cool and fun, and underemphasizes the "persistent" part because that's boring and hard work and no fun.

And, unless you are Rob Joyce, talking about the persistent part doesn't get you on the main stage at a security conference (e.g., https://m.youtube.com/watch?v=bDJb8WOJYdA).

8. sidewndr46 No.45945326
You're telling me you were targeted by Multiple Zero Days in 1 single attack?
replies(3): >>45946935 #>>45947291 #>>45953541 #
9. ikiris No.45946935
That's generally how actual APT attacks go, yes.
10. dev_l1x_be No.45947291
Google was.
replies(1): >>45954715 #
11. dev_l1x_be No.45947295
Yes, sorry typo.
replies(1): >>45948192 #
12. dang No.45948192{3}
I've taken the liberty of fixing it in your post. I hope that's ok!
replies(1): >>45948261 #
13. dev_l1x_be No.45948261{4}
Absolutely, thank you!
14. chasd00 No.45948814
I seriously thought APT meant advanced persistent teen
15. AdamN No.45952970
Not just effectiveness, but speed.
16. datadrivenangel No.45953541
Usually the most advanced attacks are a few chained zero days or a zero day on top of a configuration/patching error. The worst attacks are when a zero day for WordPress or Outlook comes out.
17. sidewndr46 No.45954715{3}
OK so when you say "hacked into Gmail" you actually mean someone breached the infra of email. Not that they did some credential stuffing / password reset attack & got into one person's Gmail account?
replies(1): >>45991923 #
18. dev_l1x_be No.45991923{4}
Yes.