I will salute the new constitution
bow to the new revolution
Smile and smile when you see changes all around you
pick up my guitar and play
just like yesterday
Then I’ll get on my knees and pray
we don’t get fooled again
There in the smoking wreckage of the fourth estate, it’s pretty hard to cover cyber. Now pile the AI crap on top of that. Can anyone cut through the fog? Apparently for the WSJ and the NY Times, the answer is no.
Yes, it’s Anthropic again. This time by writing a blog-post level document titled “Disrupting a previously reported AI-orchestrated cyber espionage campaign” and pitching it to the major tech press.
The crux of the problem here is that expertise in cyber is rare and expertise in AI/ML is rare…but expertise in both? It is not only rare but, like hydrogen-7, which has a half-life of about 10^-24 seconds, it disappears very rapidly as both fields advance. Even superstar tech journalists can’t keep everything straight.
Let’s start from the end. What question should the press have asked Anthropic about their latest security story? How about, “What parts of these attacks can only be accomplished with agentic AI?” In our humble opinion at BIML, the answer is a resounding “none.”
Now that we know the ending, let’s take a look at the beginning from both sides. Security first. Unfortunately, brute force, cloud-scale, turnkey software exploitation is what has been driving the ransomware cybercrime wave for at least a decade now. All of the offensive security tooling and techniques used by the attackers described by Anthropic are available as open source frameworks, with leading experts like Kevin Beaumont labeling the whole thing “a vibrant use of open source attack frameworks.” Will existing controls work against it? Apparently so, since by Anthropic’s own claims all but “a handful” of the thirty companies were not successfully attacked. Laugh out loud.
By now those of us old enough to know better than to call ourselves security experts have learned to regard the claims being made by Anthropic with skepticism. “Show me the sticks,” we shout, waving our sticks in the air. Seriously. Where is the real evidence? Who has seen it? Do we repeat with credence whatever security salespeople tell us because it is God’s honest truth? No we don’t. Which companies were successfully attacked? Did journalists follow up? Who was on the list of 30?
Second. In today’s overheated AI world it is very easy to make exaggerated claims. One of the most trivial (and intellectually lazy) ways of doing this is to use anthropomorphic language when describing what LLMs do. LLMs do not “think” or “believe” or “act intentionally” like humans. (FWIW, Anthropic is very guilty of this and they’re not getting better.) LLMs do a great job of role playing, though. So it’s easy to dress one up as a black hat nation-state hacker and shove it into the klieg lights.
So who did this? How can we prove it beyond reasonable doubt? Ridiculously, the real attack here is asking an LLM to pretend to be a red team member wearing a white hat and a Where’s Waldo shirt, facing an SSRF attack. Wake me up when it’s over.
Finally, is this really “the first documented case of a large-scale cyber attack executed without significant human intervention”? No. That honor belongs to the script kiddies of the 90s.
Let’s be very clear here. Machine Learning Security is absolutely critical. We have a lot of work to do. So let’s get real and get to it.
