[bigp3t3]

From Google's GTIG report: https://cloud.google.com/blog/topics/threat-intelligence/ai-...

"Although we do not believe Gemini was used, based on the structure and content of these exploits, we have high confidence that the actor likely leveraged an AI model to support the discovery and weaponization of this vulnerability. For example, the script contains an abundance of educational docstrings, including a hallucinated CVSS score, and uses a structured, textbook Pythonic format highly characteristic of LLMs training data (e.g., detailed help menus and the clean _C ANSI color class) "

[adrian_b]

This only indicates that an AI coding agent was used to write an exploit.

No such circumstantial evidence can prove that an AI model has been used to find the bug.

Of course, it is quite likely that an AI model was used to speed up the search for bugs, but this can never be proven as long as you see only the code used to exploit the bug.

[trollbridge]

It’s analogous to saying “Hackers used an IDE to write an exploit.”

[batshit_beaver]

Oh no, we should create a fear mongering blog post and delay the latest IDE version until we have better security in place!

[jeltz]

This is more like if JetBrains wrote a blog post about the dangers of IDEs.

[otherme123]

They don't say "proven", they say "we have high confidence that the actor likely leveraged an A.I". Do you find that assert too different from your "it is quite likely that an AI model was used to speed up the search for bugs"?

[crazygringo]

Exactly. Making the discovery and then exploiting it are two totally separate things.

The latter in no way implies the former. But it sure does make good press.

[SkiFire13]

That's evidence the script was written by an AI, but not necessarily that the exploit was found by it.

[riedel]

I think it would be rather worth reporting these days if hackers totally handcrafted all code without any use of any AI.

[nelox]

H4ndM4.de

[blitzar]

The post reads like Ai wrote it - from that I can deduce that all strategy at google has been generated by Ai.

[ndr42]

"Although we do not believe Gemini was used"

I don't get the "although": Are they happy that Gemini was not used in cybercrime oder are they bothered because somebody used a (probably better) alternative?