I wonder what gives them that "high confidence", as opposed to this being just a traditional zero-day?
I'm not being snarky or critical, I'm genuinely wondering what about an attack could possibly indicate it was discovered with LLM assistance?
Like, unless the attackers' computers have been seized and they've been able to recover the actual LLM transcript history? But nothing in the article indicates that the hackers have been caught, just that a patch was developed.
Google, Cloudflare, and Microsoft are a trio of companies that get to see most of what's going on the internet. I imagine that if they see you attacking them, they can work back from that and get remarkably far, even against sophisticated actors. If it's their LLM, they presumably keep transcripts. If you searched for the affected API function via a search engine, they almost certainly know. Even if you used a competing search product, you probably went to a site that has Google Analytics. Oh, and one of these companies probably has your DNS lookups. And a good chunk of the world's email traffic. And telemetry from your workstation. And auto-uploaded crash reports... And if it's bad, they can work together behind the scenes to get to the bottom of it.
So, when their threat intel orgs say they have high confidence in something, I'd be inclined to believe it.
I don't doubt that they found some evidence of AI use. I'm just skeptical that the amount and strength of evidence has anything to do with their making this statement.
I've been thinking about why the AI companies are making so much use of fear-based marketing. And I'm wondering if it isn't just naked Machiavellianism at work.
For a long time tech companies were forced to compete for power by being the most loved (or at least not the most hated). But now they've found an avenue to cultivate fear.
Excessive use of em-dashes, and emoji bullet points in the readme
But at this point I feel like odds are everyone looking for vulnerabilities is using AI to some extent. Why wouldn't they? It'd be stranger if they didn't.
I say this only slightly in jest, as that's about the only thing I can think of which would legitimately give them 'high confidence'.
"That's why for your safety we need a scan of your ID and your biometrics to let you use our best models"
I'm not sure why or how to turn it off, does anyone know?
(Also, insert weary photo of Kaczynski here.)
If unlock features remain after that, it's a manufacturer feature that's been set up. In that case you'll have to look for a guide for your specific brand and model.
Your phone can't turn this on by itself, if it's doing face recognition that means you set it up at some point.
It's like willingly walking through a minefield.
Tired of this trend.
Idk, this doesn’t strike me as news. Google just missed a vulnerability.
State actors + hackers will have more resources to make better offense. What's worse, in my experience AI-produced code is blind to overall system behavior. So I fear the exploits will be either low-hanging/trivial-to-exploit errors or bigger system-level bugs.
Immediate distrust of the article. GPT 5.5 is out with nearly the same capability. The author might be parroting company marketing, unable to discern that a lot of this is much less complex than it seems. For all we know this group could have had a model examine some obscure line of code thousands of times until it found something.
See https://openai.com/index/gpt-5-5-with-trusted-access-for-cyb...
I imagine Mythos is going to be the same story from what I’ve seen so far.
I got cajoled the other day that I need to upload my ID and ask for 5.5-Cyber access by the Codex desktop app while I was having it develop a fuzzing suite for an open source library I'm (we?) developing. I was able to berate it into getting back to work.
This struck me as a point of emergent enshittification; an anus if you will.
To circumvent conversations being flagged as "cybersecurity bad!!!" I often have to use previous models (5.3 for example, and sometimes using them through subagents is enough). And when this method no longer works, local models will be good enough for it to not be a problem (for my use case, at least).
https://www.nytimes.com/by/dustin-volz
> I am based in The Times’s Washington bureau, and much of my focus is on the dealings of U.S. cybersecurity and intelligence agencies, including the National Security Agency, Central Intelligence Agency, Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation, as well as their counterparts abroad, chiefly in China, Russia, Iran and North Korea.
> My remit spans nation-state hacking conflict, digital espionage, online influence operations, election meddling, government surveillance, malicious use of A.I. tools and other related topics.
> Before joining The Times, I worked at The Wall Street Journal, where I spent eight years covering cyber conflict and intelligence. My recent work at The Journal included a series of articles revealing a major Chinese intrusion of America’s telecommunications networks that breached the F.B.I.’s wiretap systems and has been described as one of the worst U.S. counterintelligence failures in history. I have also worked at Reuters and National Journal, where I began my career in Washington chronicling congressional efforts to reform surveillance practices at the N.S.A. in the wake of the 2013 Edward Snowden disclosures.
> My work has been internationally recognized, including by the White House Correspondents’ Association, the Gerald Loeb Awards, the Society of Publishers in Asia and the Society for Advancing Business Editing and Writing.
What have you done lately?
GP might be incorrect in stating that the author is parroting Anthropic's marketing, but the author certainly does not go out of his way to specify that these are only Anthropic's claims. It is actually a bit ironic as the article linked[0] from the quoted part (by another author) uses the correct phrasing when dealing with such claims:
> Anthropic, the artificial intelligence company that recently fought the Pentagon over the use of its technology, has built a new A.I. model that it claims is too powerful to be released to the public.
I feel like this website is a particularly dangerous place to ask that and hope for it to be a "mic drop" moment. There are a lot of highly accomplished engineers, scientists, founders, CEOs, etc. here that could easily respond to that with any manner of impressive qualifications.
> An argument from authority (Latin: argumentum ab auctoritate, also called an appeal to authority, or argumentum ad verecundiam) is a form of argument in which the opinion of an authority figure (or figures) is used as evidence to support an argument. The argument from authority is often considered a logical fallacy and obtaining knowledge in this way is fallible.
> Some consider it a practical and sound way of obtaining knowledge that is generally likely to be correct when the authority is real, pertinent, and universally accepted
Anyway, other than trying to think critically, anything?
Guess how I know you've never been a reporter.
(You thought I was exaggerating about it being "investigative," dincha.)
OP posited that the author didn't know what he's talking about. I pointed out that the author has far more knowledge and experience in the field than rando internet griefers on HN who immediately reach for "shoot the messenger" when they read something that doesn't neatly fit into their pre-conceived worldview, instead of perhaps learning things from other people.
But at least your trope acknowledges that he's an authority on the subject.
Are you one bad headline away from a major hack? Or worse, one hack away from your company going under? It's all a ticking time bomb.
Someone else on HN pointed out that distros like Debian might be too slow as people find live exploits in the kernel; it might not be worth keeping something like that. On the other hand, Ubuntu supports live kernel upgrading at the enterprise level, so maybe Ubuntu Server might be Debian's indirect saving grace.
Article says that it was largely a theory until now. That's not entirely true: we know that hackers used Claude to hack the Mexican government and got the PII of basically every citizen. I would not be surprised if there are more hacks that are undetected. The hackers don't need to declare their use of AI; it's irrelevant.
https://cloud.google.com/blog/topics/threat-intelligence/ai-...
If I am paid by someone to create an exploit that caused damages wouldn't I be liable? Or could I avoid it by making my client sign a terms of service agreement to not use it that way?
Who created the model, and who helped with GPU power to run the model to create the exploit, and should they be doing more?
https://www.nytimes.com/2026/05/11/us/politics/google-hacker...
this instead
https://www.nytimes.com/2026/05/11/us/politics/google-hacker...
(can read the article immediately; slightly less fuss)
To contact the HN mods, you need to send them an email.
What research? Where is it published?
I don't see how you can regulate that though. Just making it illegal to release small models? Or to use unauthorized ones? (I'm kind of not sure the kind of people who want to do bad things are going to be discouraged by such a law though.)
Unlikely in America or China. This is not a game either can singularly control, and locking down the R&D means conceding momentum to the party that doesn't. Which means use restrictions will be contained to countries satisfied with playing second fiddle.
Instead, I suspect we'll see momentum towards running software on publisher-controlled servers so the source code can be secured through obscurity. It isn't perfect. But it might be good enough to get us through this transition.
I don't. I'm not saying American politics isn't capable of doing it. But I don't see us being stupid enough to try locking ourselves out of a technology that everyone else has access to.
Google's blog (https://cloud.google.com/blog/topics/threat-intelligence/ai-...) says Google "worked with the impacted vendor to responsibly disclose this vulnerability", so in this incident, it's not Google software.
-TFA
The robbers used a CAR in the robbery.
The blackmailer used a TYPEWRITER to write blackmailing letter.
Why collect all the news dupes but not the source up top OP? Because the source was already submitted?
Please refer to any seller of weapons ever.
Security "researchers" are overpaid buffoons who hype things for their own salaries and their companies. And the stenographers from the press dutifully copy everything.
This is a despicable game to fool politicians into giving money and favorable AI legislation.
Strangely enough these buffoons never offer their models to open source developers. It is always a select group of highly paid other buffoons that throws some very occasional results over the wall.
Software is in such a state now, Gmail is full of bugs around sharing attachments to the position that I have to tell my dad to turn his phone off and on again in order to attach a document