Today in InfoSec Job Security News:
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog But think about the AI-powered "security researchers". They can now use their AI models to find these vulnerabilities and create 8.2 severity issues to fix it again.
It's like that picture with the circular economy between Nvidia and OpenAI and Microsoft, but with 0days!
-
@GossiTheDog https://github.com/claude right now showing "Something went wrong, please refresh the page to try again." Yeah, dude.
@vlkr @GossiTheDog I get the same behavior here and can go to other profiles just fine
No public repos. Something went wrong.
I guess it could just be that I picked a particularly irrelevant profile to compare against but it did show up just fine without any error.
Could also be that it's too sudden a shift in interest in that particular user.
-
@GossiTheDog what's funny to me, is that there were influencers on linkedin a few days ago claiming claudecode could find vulnerabilities in code faster than humans, and they're like "look at all these openssl vulns it found!" now I'm like. "well no shit its finding vulnerabilities, when its the one introducing them."
@da_667 @GossiTheDog and I’ve been seeing several posts in the past 48 hours that say that A”I” vuln scanners aren’t finding most of them.
Almost makes me wonder if there’s a two-pronged attack here. Introduce them and ignore them.
-
@GossiTheDog ladies and gentlemen, it's this stupid shit (tm) that we are paying up the ass for new SSDs and RAM for.
@da_667 @GossiTheDog I have 5 500MB HDDs that are now probably worth thousands.
-
P pelle@veganism.social shared this topic
