AI Hackers Are Coming Dangerously Close to Beating Humans (msn.com)
(Thursday December 11, 2025 @11:44AM (msmash)
from the brave-new-world dept.)
- Reference: 0180362117
- News link: https://it.slashdot.org/story/25/12/11/1613223/ai-hackers-are-coming-dangerously-close-to-beating-humans
- Source link: https://www.msn.com/en-us/money/other/ai-hackers-are-coming-dangerously-close-to-beating-humans/ar-AA1S9kPg
Stanford researchers spent much of the past year building an AI bot called Artemis that scans networks for software vulnerabilities, and when they pitted it against ten professional penetration testers on the university's own engineering network, [1]the bot outperformed nine of them . The [2]experiment offers a window into how rapidly AI hacking tools have improved after years of underwhelming performance.
"We thought it would probably be below average," said Justin Lin, a Stanford cybersecurity researcher. Artemis found bugs at a fraction of human cost -- just under $60 per hour compared to the $2,000 to $2,500 per day that professional pen testers typically charge. But its performance wasn't flawless. About 18% of its bug reports were false positives, and it completely missed an obvious vulnerability on a webpage that most human testers caught. In one case, Artemis found a bug on an outdated page that didn't render in standard browsers; it used a command-line tool called Curl instead of Chrome or Firefox.
Dan Boneh, a Stanford computer science professor who advised the researchers, noted that vast amounts of software shipped without being vetted by LLMs could now be at risk. "We're in this moment of time where many actors can increase their productivity to find bugs at an extreme scale," said Jacob Klein, head of threat intelligence at Anthropic.
[1] https://www.msn.com/en-us/money/other/ai-hackers-are-coming-dangerously-close-to-beating-humans/ar-AA1S9kPg
[2] https://arxiv.org/abs/2512.09882
"We thought it would probably be below average," said Justin Lin, a Stanford cybersecurity researcher. Artemis found bugs at a fraction of human cost -- just under $60 per hour compared to the $2,000 to $2,500 per day that professional pen testers typically charge. But its performance wasn't flawless. About 18% of its bug reports were false positives, and it completely missed an obvious vulnerability on a webpage that most human testers caught. In one case, Artemis found a bug on an outdated page that didn't render in standard browsers; it used a command-line tool called Curl instead of Chrome or Firefox.
Dan Boneh, a Stanford computer science professor who advised the researchers, noted that vast amounts of software shipped without being vetted by LLMs could now be at risk. "We're in this moment of time where many actors can increase their productivity to find bugs at an extreme scale," said Jacob Klein, head of threat intelligence at Anthropic.
[1] https://www.msn.com/en-us/money/other/ai-hackers-are-coming-dangerously-close-to-beating-humans/ar-AA1S9kPg
[2] https://arxiv.org/abs/2512.09882
Maybe (Score:2)
by liqu1d ( 4349325 )
They had to give it hints as to what to find. I don't see an example of the hints though. While interesting I would love to see more information than presented.
Make a problem, sell the solution (Score:2)
by AmazingRuss ( 555076 )
"We're in this moment of time where many actors can increase their productivity to find bugs at an extreme scale," ... so subscribe now!
One in ten (Score:2)
by alleycat0 ( 232486 )
If I was that one guy that beat the AI, I'd be asking for a raise right now.
Why aren't the bugs all hallucinated? (Score:1)
by blue trane ( 110704 )
How can AI simultaneously be a hallucination machine with no real-world credibility, as proven by math, and also a threat to the security of the systems red-star slashdot commentator gweihir boasts he's in charge of?
Script Kiddies (Score:3)
Yet again. AI improves the world.
Bonus: Modern script kiddies will be more powerful than ever.
Vibe hacking (Score:2)
Script kiddies won't ever find the good vulns now. APT groups are already using these systems.