Using only a Bash shell on a Kali Linux host.

Anthropic published the report "AI models are showing a greater ability to find and exploit vulnerabilities on realistic cyber ranges," where Sonnet 4.5 identified the vulnerability exploited in the Equifax breach and generated an exploit without looking up the publicized CVE details.

What can we learn from this?

  1. The Equifax breach remains a highly relevant incident. See the lessons-learned paper that Stuart and I published four years ago.
  2. Frontier labs continue to invest heavily in foundation model cybersecurity capabilities, making models more self-sufficient at executing cyber tasks with reduced reliance on assistive tooling. See my earlier post on why frontier labs invest in cybersecurity.
  3. Did I already mention that prompt patching matters? As LLMs become capable of identifying zero-days, it matters even more.

Huge thanks to Chris Hughes, whose post reminded me just how relevant the Equifax breach still is.

Applying the Lessons from the Equifax Cybersecurity Incident to Build a Better Defense

A Systematic Study of the Control Failures in the Equifax Cybersecurity Incident

Anthropic report "AI models are showing a greater ability to find and exploit vulnerabilities on realistic cyber ranges"

Frontier labs build their cybersecurity businesses