Most active commenters

    ←back to thread

    Anthropic’s paper smells like bullshit

    (djnn.sh)
    1160 points vxvxvx | 11 comments | 16 Nov 25 11:32 UTC | HN request time: 0.001s | source | bottom

    Earlier thread: Disrupting the first reported AI-orchestrated cyber espionage campaign - https://news.ycombinator.com/item?id=45918638 - Nov 2025 (281 comments)
    1. gpi ◴[16 Nov 25 14:44 UTC] No.45945486[source]
    The below amendment from the anthropic blog page is telling.

    Edited November 14 2025:

    Added an additional hyperlink to the full report in the initial section

    Corrected an error about the speed of the attack: not "thousands of requests per second" but "thousands of requests, often multiple per second"

    replies(2): >>45946057 #>>45947275 #
    2. AstroBen ◴[16 Nov 25 16:02 UTC] No.45946057[source]
    There is absolutely no way a technical person would mix those up
    replies(2): >>45948313 #>>45949225 #
    3. wging ◴[16 Nov 25 18:34 UTC] No.45947275[source]
    > The operational tempo achieved proves the use of an autonomous model rather than interactive assistance. Peak activity included thousands of requests, representing sustained request rates of multiple operations per second.

    The assumption that no human could ever (program a computer to) do multiple things per second, nor have their code do different things depending on the result of the previous request is... interesting.

    (observation is not original to me, it was someone on Twitter who pointed it out)

    replies(1): >>45947920 #
    4. sublimefire ◴[16 Nov 25 19:58 UTC] No.45947920[source]
    Great point, it might be just pure ignorance. Even OSS pentesting tooling such as metasploitable have great capabilities. I see how LLM could be leveraged to build custom modules on top of those tools or how can you add basic LLM “decision” making, but this is just another additive tool in the chain.
    5. edanm ◴[16 Nov 25 20:54 UTC] No.45948313[source]
    Right! It's well known that technical people never make mistakes.
    replies(2): >>45948424 #>>45948468 #
    6. ◴[16 Nov 25 21:11 UTC] No.45948424{3}[source]
    7. SiempreViernes ◴[16 Nov 25 21:18 UTC] No.45948468{3}[source]
    I think the expectation is more that serious people have their work checked over by other serious people to catch the obvious mistakes.
    replies(2): >>45950395 #>>45951969 #
    8. wonnage ◴[16 Nov 25 22:57 UTC] No.45949225[source]
    But what about an ML person roped into writing an AI assisted blogpost about security
    9. ChadNauseam ◴[17 Nov 25 02:35 UTC] No.45950395{4}[source]
    Every time you have your work "checked over by other serious people", it eliminates 90% of the mistakes. So you have it checked over twice so that 99% of mistakes have been eliminated, and so on. But it never gets to 0% mistakes. That's my experience anyway.
    replies(1): >>45956672 #
    10. szszrk ◴[17 Nov 25 09:00 UTC] No.45951969{4}[source]
    Serious people like to look at things through a magnifying glass. Which makes them miss a lot.

    I've seen printed books checked by paid professionals that consisted a "replace all" populated without context. Creating a grammar error on every single page. Or ones where everyone just forgot to add page numbers. Or a large cook book where index and page numbers didn't mach, making it almost impossible to navigate.

    I'm talking of pre-AI work, with publisher. Apparently it wasn't obvious for them.

    11. gopher_space ◴[17 Nov 25 18:52 UTC] No.45956672{5}[source]
    Every time you have your work "checked over by other serious people", it only means it's been checked over by other people. You can't attach a metric to this process. Especially when it comes to security, adding more internal eyeballs doesn't mean you've expanded coverage.

    One of the things I enjoy about Penn and Teller is that they explain in detail how their point of view differs from the audiences and how they intentionally use that difference in their shows. With that in mind you might picture your org as the audience, with one perspective diligently looking forwards.