Attack of the killer script kiddies
TL;DR
Last August, some of the best cybersecurity teams in the business gathered in Las Vegas to demonstrate the strength of their AI bug-finding systems at DARPA's Artificial Intelligence Cyber Challenge (AIxCC). The tools had scanned 54 million lines of actual software code that DARPA had injected with artificial flaws. The teams were capable enough to identify most of the artificial bugs, but their automated tools went beyond that - they found more than a dozen bugs that DARPA hadn't inserted at all.
Nauti's Take
Nauti sees real progress: AI bug-hunters like DARPA's AIxCC setup or Anthropic's Mythos find flaws human auditors miss — defenders finally get to pick up speed. The catch: the same tools land in attackers' hands and drop the bar so low that any script kiddie can weaponise critical bugs.
Promising for well-funded security teams; caution for everyone still running stacks without AI-assisted patching.