Security experts warn AI could help amateur hackers find software flaws

In short: Security researchers say newer AI tools can find software bugs fast, and that could also make it easier for amateur hackers to cause real damage.

What's going on

Cybersecurity teams have been testing AI systems that can scan huge amounts of software code and spot mistakes. At DARPA’s Artificial Intelligence Cyber Challenge in Las Vegas last August, tools scanned 54 million lines of code that had been seeded with fake flaws. Teams found most of those planted bugs, and their tools also uncovered more than a dozen real bugs that were not planted.

The Verge reports that concern rose further after Anthropic released Claude Mythos, an AI model that appears especially good at finding “vulnerabilities” (weak spots in software that can be used to break in). Experts worry the same kinds of tools that help defenders find problems could also help attackers exploit them. In simple terms, it is like giving more people a powerful metal detector, and some will use it to find lost keys while others use it to find unlocked doors.

Researchers quoted by The Verge say the time needed to find serious flaws has dropped sharply. Tim Becker of Theori said work that used to take weeks or months can now take hours with AI bug-finding tools. Dan Guido of Trail of Bits warned that AI can “supercharge” so-called script kiddies, people who do not have deep skills but can still cause trouble using tools made by others.

What to watch

Companies may face a flood of bug reports and a “patchpocalypse,” meaning they must fix more issues, faster. Experts say basics still matter, like keeping software updated, using stronger login protections, and deciding which fixes are most urgent. At the same time, some researchers caution that criminals may adopt these AI tools unevenly, so the real-world impact could vary by industry and attacker.

Source: The Verge AI