undefined | Better HN

0 pointsjstummbillig1mo ago0 comments

> The demonstrated ones that they have on the red team blog are neat, the kernel chain is impressive and fun

So by your estimation, for rogue actors being able to uncover hundreds of this class in each major software product roughly for free would not be a big issue?

0 comments

ofjcihen1mo ago

We must have read two different red team blogs from Anthropic if that’s what you think is happening. But let’s go ahead and assume what you’re asking at face value.

It would not be a doomsday issue as implied, no. Org security has gone far beyond static detections and “just exclude some IPs that fail to log in too much and we’re good”. SOAR exists. Behavioral analysis and monitoring exists. Layered defenses exist.

Believe it or not for those of us in security in large highly targeted companies we’ve been dealing with the potential for multiple chained 0 days for years and the processes, monitoring, and (yes, automated) response architecture is already there.

I get that this is absolutely frightening for some and that causes panic but for us this is Tuesday.

j / k navigate · click thread line to collapse

0 comments

ofjcihen1mo ago

We must have read two different red team blogs from Anthropic if that’s what you think is happening. But let’s go ahead and assume what you’re asking at face value.

I get that this is absolutely frightening for some and that causes panic but for us this is Tuesday.

j / k navigate · click thread line to collapse