[
  {
    "start": 0.1,
    "end": 3.78,
    "text": "A disturbing,\nyet not really surprising article or"
  },
  {
    "start": 3.82,
    "end": 7.28,
    "text": "post was published by Anthropic yesterday."
  },
  {
    "start": 7.36,
    "end": 11.08,
    "text": "An article about an AI-orchestrated"
  },
  {
    "start": 11.24,
    "end": 14.76,
    "text": "cyber espionage campaign, a cyberattack"
  },
  {
    "start": 15.06,
    "end": 17.72,
    "text": "carried out with help of AI,\nwith help of Claude code."
  },
  {
    "start": 17.74,
    "end": 21.24,
    "text": "And it's an interesting article.\nI already read it"
  },
  {
    "start": 21.28,
    "end": 25.12,
    "text": "together with you here. So Anthropic,\nin this article,"
  },
  {
    "start": 25.16,
    "end": 28.84,
    "text": "describes a, a cyberattack on"
  },
  {
    "start": 28.9,
    "end": 32.74,
    "text": "various companies that\nwas carried out almost entirely with"
  },
  {
    "start": 32.759,
    "end": 36.74,
    "text": "help of AI,\nalmost entirely with help of Claude code,"
  },
  {
    "start": 36.78,
    "end": 40.58,
    "text": "by jailbreaking Claude code,\nby getting it to do"
  },
  {
    "start": 40.88,
    "end": 44.61,
    "text": "things it normally shouldn't do.\nAnd let's take a closer look at"
  },
  {
    "start": 44.68,
    "end": 48.6,
    "text": "how that played out.\n\"In mid-September 2025,"
  },
  {
    "start": 48.62,
    "end": 52.51,
    "text": "we, Anthropic,\ndetected suspicious activity that later,"
  },
  {
    "start": 52.54,
    "end": 56.5,
    "text": "investigation determined to be a highly\nsophisticated espionage campaign."
  },
  {
    "start": 56.54,
    "end": 59.98,
    "text": "The attackers used AI's agentic\ncapabilities to an"
  },
  {
    "start": 60.06,
    "end": 64.04,
    "text": "unprecedented degree,\nusing AI not just as an advisor, but to"
  },
  {
    "start": 64.12,
    "end": 67.83,
    "text": "execute the cyberattacks themselves.\"\nAnd that's, that"
  },
  {
    "start": 67.9,
    "end": 71.26,
    "text": "is huge that you can"
  },
  {
    "start": 71.36,
    "end": 74.9,
    "text": "already use AI, AI that is"
  },
  {
    "start": 74.92,
    "end": 78.72,
    "text": "published by Anthropic,\nAI models by Anthropic, and the"
  },
  {
    "start": 78.78,
    "end": 82.54,
    "text": "Claude code tool by Anthropic to carry out"
  },
  {
    "start": 82.6,
    "end": 85.04,
    "text": "cyberattacks. And, uh, here's why that is"
  },
  {
    "start": 85.06,
    "end": 89.04,
    "text": "important.\nToday we're living in a world where"
  },
  {
    "start": 89.1,
    "end": 92.54,
    "text": "the most capable models are the"
  },
  {
    "start": 92.6,
    "end": 95.88,
    "text": "models by OpenAI, Anthropic, X,"
  },
  {
    "start": 95.94,
    "end": 99.86,
    "text": "Google,\nand of course we've got some very capable"
  },
  {
    "start": 99.92,
    "end": 103.69,
    "text": "too,\nbut we're still at a point in time on a,"
  },
  {
    "start": 103.76,
    "end": 107.38,
    "text": "timeline, we are still at a point in time"
  },
  {
    "start": 107.42,
    "end": 110.96,
    "text": "where most of these models and the,\nthe most capable"
  },
  {
    "start": 111.02,
    "end": 114.62,
    "text": "models are controlled by companies,"
  },
  {
    "start": 115.12,
    "end": 117.84,
    "text": "most of them by companies in democracies."
  },
  {
    "start": 117.9,
    "end": 121.88,
    "text": "Now, I'll not say that these companies\nare saints or"
  },
  {
    "start": 122.28,
    "end": 126.12,
    "text": "don't do bad stuff, but they're not bad"
  },
  {
    "start": 126.24,
    "end": 129.56,
    "text": "actors in the sense of this article."
  },
  {
    "start": 129.58,
    "end": 132.59,
    "text": "They're not cyber, um, attackers"
  },
  {
    "start": 132.84,
    "end": 136.46,
    "text": "obviously. However, in the future,\nin the not too"
  },
  {
    "start": 136.6,
    "end": 139.84,
    "text": "distant future, we will be at a place"
  },
  {
    "start": 139.9,
    "end": 143.41,
    "text": "where these models,\nthese very capable models"
  },
  {
    "start": 144.02,
    "end": 147.75,
    "text": "will also be owned by bad actors"
  },
  {
    "start": 147.78,
    "end": 151.6,
    "text": "themselves.\nSo right now here in this article,"
  },
  {
    "start": 151.68,
    "end": 155.2,
    "text": "about a cyberattack that\nwas carried out with help of"
  },
  {
    "start": 155.28,
    "end": 159.0,
    "text": "Anthropic and Claude code.\nAnd it's bad enough that this is possible,"
  },
  {
    "start": 159.16,
    "end": 163.06,
    "text": "trick those tools\nand models into doing stuff they shouldn't"
  },
  {
    "start": 163.1,
    "end": 166.72,
    "text": "we'll get back to how that happened,\nof course, but that is"
  },
  {
    "start": 166.76,
    "end": 170.56,
    "text": "today. We still have to apply tricks,"
  },
  {
    "start": 170.64,
    "end": 173.86,
    "text": "uh, to abuse these models. In a"
  },
  {
    "start": 173.94,
    "end": 177.48,
    "text": "future,\nthese models will simply belong to the bad"
  },
  {
    "start": 177.66,
    "end": 181.42,
    "text": "actors themselves.\nThere will be open models that are capable"
  },
  {
    "start": 181.48,
    "end": 185.35,
    "text": "enough of doing that,\nso then certain control mechanisms,"
  },
  {
    "start": 185.4,
    "end": 189.14,
    "text": "get back here in this article,\nwon't even be there anymore."
  },
  {
    "start": 189.2,
    "end": 193.0,
    "text": "We'll be in a future where bad actors have"
  },
  {
    "start": 193.04,
    "end": 196.97,
    "text": "direct,\nuncontrolled access to very capable models"
  },
  {
    "start": 197.14,
    "end": 200.94,
    "text": "can be fine-tuned for their purposes,\nthat can be"
  },
  {
    "start": 201.04,
    "end": 204.9,
    "text": "trained for their purposes,\nthat can use tools that were"
  },
  {
    "start": 205.0,
    "end": 207.5,
    "text": "purpose built for malicious stuff."
  },
  {
    "start": 207.58,
    "end": 211.38,
    "text": "That is where we're heading to,\nand even today where we're not there"
  },
  {
    "start": 211.52,
    "end": 215.04,
    "text": "yet or where this is still a niche,\neven today, we"
  },
  {
    "start": 215.2,
    "end": 219.19,
    "text": "have fully or almost fully AI-controlled,"
  },
  {
    "start": 219.42,
    "end": 223.3,
    "text": "uh, cyberattacks. So this\nis definitely a scary article"
  },
  {
    "start": 223.36,
    "end": 227.02,
    "text": "and, and a scary future,\nwhich makes it very clear that"
  },
  {
    "start": 227.12,
    "end": 229.56,
    "text": "cybersecurity and"
  },
  {
    "start": 229.62,
    "end": 233.4,
    "text": "preventing attacks will be a super"
  },
  {
    "start": 233.52,
    "end": 237.42,
    "text": "big challenge. It always has been,\nbut now with AI where everything can be"
  },
  {
    "start": 237.52,
    "end": 240.84,
    "text": "quicker and more automated\nand harder to trace back to"
  },
  {
    "start": 240.88,
    "end": 244.64,
    "text": "individuals,\nit will be an even more important"
  },
  {
    "start": 244.66,
    "end": 247.84,
    "text": "topic. But back to this article.\n\"The threat"
  },
  {
    "start": 247.94,
    "end": 251.76,
    "text": "actor,\nwhom we assess with high confidence"
  },
  {
    "start": 251.98,
    "end": 255.56,
    "text": "state-sponsored group,\nmanipulated our Claude code"
  },
  {
    "start": 255.98,
    "end": 259.6,
    "text": "tool into attempting infiltration into\nroughly 30"
  },
  {
    "start": 259.64,
    "end": 263.63,
    "text": "global targets and succeeded in a small\nnumber of cases.\" So it was not just"
  },
  {
    "start": 263.66,
    "end": 267.5,
    "text": "an attempt. They succeeded. \"The operation"
  },
  {
    "start": 267.54,
    "end": 271.12,
    "text": "targeted large tech companies,\nfinancial institutions,"
  },
  {
    "start": 271.16,
    "end": 273.81,
    "text": "companies, and government agencies."
  },
  {
    "start": 274.02,
    "end": 277.58,
    "text": "Uh, we believe this\nis the first documented case of a"
  },
  {
    "start": 277.64,
    "end": 281.42,
    "text": "cyberattack executed without substantial\nhuman intervention.\" This is so"
  },
  {
    "start": 281.52,
    "end": 283.86,
    "text": "big, without substantial human"
  },
  {
    "start": 283.92,
    "end": 287.69,
    "text": "intervention. And again, that\nis why this is"
  },
  {
    "start": 287.74,
    "end": 291.54,
    "text": "such a scary future where bad actors don't\neven"
  },
  {
    "start": 291.6,
    "end": 295.26,
    "text": "need to rely on, um, these controlled"
  },
  {
    "start": 295.52,
    "end": 298.74,
    "text": "AI models, uh,\nwhich they still have to rely on today."
  },
  {
    "start": 298.75,
    "end": 301.969,
    "text": "\"Upon detecting this activity,\nwe immediately launched an investigation"
  },
  {
    "start": 302.02,
    "end": 306.0,
    "text": "understand its scope and nature. Uh,\nover the following 10 days, as we"
  },
  {
    "start": 306.02,
    "end": 309.96,
    "text": "mapped the severity\nand full extent of the operation,"
  },
  {
    "start": 309.98,
    "end": 313.84,
    "text": "they were identified.\" So again,\nthese were really regular"
  },
  {
    "start": 313.94,
    "end": 316.84,
    "text": "Claude accounts. These people were using"
  },
  {
    "start": 316.9,
    "end": 319.91,
    "text": "Claude, the model hosted by Anthropic."
  },
  {
    "start": 319.92,
    "end": 323.64,
    "text": "They did not kind of steal it,\nrun it on their own servers"
  },
  {
    "start": 323.74,
    "end": 327.56,
    "text": "models.\nThey used the models you can use too via"
  },
  {
    "start": 327.6,
    "end": 331.42,
    "text": "via Claude code.\nThis campaign has substantial"
  },
  {
    "start": 331.44,
    "end": 335.28,
    "text": "implications for cybersecurity in the age\nof AI agents, as I just said,"
  },
  {
    "start": 335.34,
    "end": 339.29,
    "text": "because everything can be automated\nand it's already possible today, uh,"
  },
  {
    "start": 339.34,
    "end": 342.09,
    "text": "where there are guardrails in place."
  },
  {
    "start": 342.1,
    "end": 345.8,
    "text": "And again, think of\nthat future where we have no guardrails"
  },
  {
    "start": 345.92,
    "end": 349.88,
    "text": "actors don't have guardrails. \"Uh,\nthese attacks are likely"
  },
  {
    "start": 349.92,
    "end": 351.9,
    "text": "to only grow in their effectiveness."
  },
  {
    "start": 351.94,
    "end": 355.68,
    "text": "To keep pace with this rapidly advancing\nthreat, we have expanded our"
  },
  {
    "start": 355.7,
    "end": 359.65,
    "text": "detection capabilities\nand developed better classifiers to flag"
  },
  {
    "start": 359.72,
    "end": 363.472,
    "text": "activities.\" And that's the important part\nhere.This is what"
  },
  {
    "start": 363.482,
    "end": 366.832,
    "text": "Anthropic is trying to do today to make\nsure that their"
  },
  {
    "start": 366.872,
    "end": 370.742,
    "text": "models can't be abused for malicious\ntasks,"
  },
  {
    "start": 370.812,
    "end": 374.612,
    "text": "that Claude code can't be abused\nand ultimately,"
  },
  {
    "start": 374.632,
    "end": 377.952,
    "text": "their APIs,\nwhich Claude code uses in the end."
  },
  {
    "start": 378.012,
    "end": 381.972,
    "text": "This all won't matter at all in the future\nbecause"
  },
  {
    "start": 382.052,
    "end": 385.912,
    "text": "in a future where bad actors themselves\nhave their own models"
  },
  {
    "start": 385.972,
    "end": 389.762,
    "text": "running on their own servers,\nthese guardrails won't"
  },
  {
    "start": 389.792,
    "end": 391.902,
    "text": "matter. Well,\nobviously they will still matter."
  },
  {
    "start": 391.972,
    "end": 395.552,
    "text": "Obviously,\nyou still want to make it easier than it's"
  },
  {
    "start": 395.632,
    "end": 399.072,
    "text": "obviously not all bad actors will have\ntheir"
  },
  {
    "start": 399.152,
    "end": 402.912,
    "text": "own malicious models, but especially\nif we're talking about"
  },
  {
    "start": 402.932,
    "end": 406.512,
    "text": "state-controlled bad actors or big"
  },
  {
    "start": 406.572,
    "end": 410.352,
    "text": "cyber attacker groups. Let's, let's be"
  },
  {
    "start": 410.372,
    "end": 414.252,
    "text": "real.\nOf course they will have access to their"
  },
  {
    "start": 414.292,
    "end": 417.882,
    "text": "on their own servers,\nso this will not matter at"
  },
  {
    "start": 417.992,
    "end": 421.932,
    "text": "all in that future. Obviously,\nit will matter still because you don't"
  },
  {
    "start": 421.972,
    "end": 425.832,
    "text": "make it easier and it will at least filter\nout a significant"
  },
  {
    "start": 425.932,
    "end": 429.812,
    "text": "group of potential bad actors\nthat don't have access to their own"
  },
  {
    "start": 429.872,
    "end": 433.852,
    "text": "models. So yeah, it's important,\nbut it will not be enough."
  },
  {
    "start": 433.912,
    "end": 437.712,
    "text": "Companies themselves need to ramp up"
  },
  {
    "start": 437.772,
    "end": 441.732,
    "text": "their cybersecurity game, which\nis easier said than done because"
  },
  {
    "start": 441.772,
    "end": 445.752,
    "text": "it has been true for the last 10 years,\nof course, even without AI, but it's"
  },
  {
    "start": 445.772,
    "end": 448.872,
    "text": "becoming even more important in the age of\nAI."
  },
  {
    "start": 450.132,
    "end": 453.612,
    "text": "So yeah, that is, that\nis the big problem here."
  },
  {
    "start": 453.652,
    "end": 457.032,
    "text": "Now, let's see how the, uh,\ncyberattack worked."
  },
  {
    "start": 457.132,
    "end": 460.762,
    "text": "Uh,\nthe attack relied on several features of"
  },
  {
    "start": 460.792,
    "end": 464.432,
    "text": "exist or were in much more nascent form\njust a year ago."
  },
  {
    "start": 464.452,
    "end": 468.172,
    "text": "Intelligence:\nModels' general levels of capability have"
  },
  {
    "start": 468.272,
    "end": 472.152,
    "text": "point that they can follow complicance-\ncomplex instructions and understand"
  },
  {
    "start": 472.192,
    "end": 476.012,
    "text": "context in ways that make very\nsophisticated tasks possible."
  },
  {
    "start": 476.052,
    "end": 479.722,
    "text": "Not only that,\nbut several of their well-developed"
  },
  {
    "start": 479.752,
    "end": 483.212,
    "text": "particular software coding,\nlend themselves to being used in"
  },
  {
    "start": 483.252,
    "end": 487.122,
    "text": "Sure, because now with models that\nare smarter,"
  },
  {
    "start": 487.152,
    "end": 490.782,
    "text": "and just to be very clear here,\nwe're still talking about models that"
  },
  {
    "start": 490.892,
    "end": 494.872,
    "text": "just generate tokens,\nbut of course by generating these tokens"
  },
  {
    "start": 494.932,
    "end": 498.922,
    "text": "that are able, they\nare able to describe the usage of tools"
  },
  {
    "start": 498.952,
    "end": 502.452,
    "text": "tools, they become more capable.\nWith all the"
  },
  {
    "start": 502.472,
    "end": 506.092,
    "text": "fine-tuning they received,\nthey also generate more tokens that are"
  },
  {
    "start": 506.352,
    "end": 510.332,
    "text": "likely to be or more likely to be the\ntokens you want to generate, so that"
  },
  {
    "start": 510.372,
    "end": 514.292,
    "text": "is what intelligence means here.\nThey're not really intelligent, but they"
  },
  {
    "start": 514.352,
    "end": 518.182,
    "text": "have been tuned especially for software\ndevelopment such that"
  },
  {
    "start": 518.212,
    "end": 521.962,
    "text": "they are much more likely to generate\nmeaningful output"
  },
  {
    "start": 522.272,
    "end": 526.092,
    "text": "and especially also output\nthat allows them to describe tool"
  },
  {
    "start": 526.172,
    "end": 529.892,
    "text": "use and then use those tools,\nso execute code"
  },
  {
    "start": 529.902,
    "end": 533.732,
    "text": "that does something. Uh, for example,\nsend an HTTP request and so"
  },
  {
    "start": 533.772,
    "end": 537.572,
    "text": "on, and it's that combination\nthat makes them more capable"
  },
  {
    "start": 537.912,
    "end": 541.112,
    "text": "in the end. And of course, yeah,\nthat's exactly what you need for automated"
  },
  {
    "start": 541.132,
    "end": 545.012,
    "text": "cyberattacks,\nbecause you need a model that's able to"
  },
  {
    "start": 545.072,
    "end": 547.272,
    "text": "follow your instructions related to that."
  },
  {
    "start": 547.312,
    "end": 550.912,
    "text": "You need a model that's able to send HTTP\nrequests, phishing"
  },
  {
    "start": 550.972,
    "end": 554.662,
    "text": "emails, whatever, and all that\nis what these models can do"
  },
  {
    "start": 554.752,
    "end": 558.242,
    "text": "quite well in the end. Agency:\nModels can act as agents."
  },
  {
    "start": 558.272,
    "end": 561.872,
    "text": "That is,\nthey can run in loops where they take"
  },
  {
    "start": 561.932,
    "end": 564.812,
    "text": "tasks and make decisions with only minimal\noccasional human"
  },
  {
    "start": 564.872,
    "end": 567.432,
    "text": "input. That's another important step."
  },
  {
    "start": 567.512,
    "end": 571.242,
    "text": "This is what allows these, um, systems\nor these"
  },
  {
    "start": 571.272,
    "end": 575.192,
    "text": "attacks here in this case to work with\nonly minimal human input"
  },
  {
    "start": 576.132,
    "end": 580.032,
    "text": "because these models and the software\nthat uses"
  },
  {
    "start": 580.072,
    "end": 583.712,
    "text": "these models can go for so much longer\nand it's important to"
  },
  {
    "start": 583.752,
    "end": 587.672,
    "text": "differentiate here. The model is,\nis still just the"
  },
  {
    "start": 587.712,
    "end": 591.332,
    "text": "thing that receives a prompt\nand sends back some tokens."
  },
  {
    "start": 591.352,
    "end": 595.292,
    "text": "That, that has not changed.\nBut it's the software, Claude Code, for"
  },
  {
    "start": 595.372,
    "end": 599.252,
    "text": "example, that then takes that output\nand sends back another"
  },
  {
    "start": 599.312,
    "end": 602.742,
    "text": "message to the same API with that output,\nwith the original"
  },
  {
    "start": 602.852,
    "end": 606.572,
    "text": "task, with some meta instructions like,\n\"Please check if that"
  },
  {
    "start": 606.612,
    "end": 609.412,
    "text": "output answers the question by the user."
  },
  {
    "start": 609.472,
    "end": 612.932,
    "text": "You got these tools available,\nplease tell me if you want to use a tool.\""
  },
  {
    "start": 612.992,
    "end": 616.912,
    "text": "how the software around the models in the\nend makes these"
  },
  {
    "start": 616.992,
    "end": 620.711,
    "text": "models more capable,\nnot because the model does everything on"
  },
  {
    "start": 620.752,
    "end": 624.352,
    "text": "the model is capable of giving the\nsoftware the"
  },
  {
    "start": 624.392,
    "end": 628.372,
    "text": "result it needs.\nThe software then feeds these enriched"
  },
  {
    "start": 628.412,
    "end": 632.112,
    "text": "the model and it's this loop\nthat keeps the whole system going and that"
  },
  {
    "start": 632.192,
    "end": 635.972,
    "text": "leads to these agentic systems that can go"
  },
  {
    "start": 636.052,
    "end": 639.752,
    "text": "on for longer, that can use tools and\nthat require less"
  },
  {
    "start": 639.812,
    "end": 643.692,
    "text": "human input. And yeah, tools, that\nis therefore the other missing piece"
  },
  {
    "start": 643.732,
    "end": 646.972,
    "text": "here, of course,\nthat models have access to a wide array of"
  },
  {
    "start": 647.012,
    "end": 650.612,
    "text": "tools. They can now search the web,\nretrieve data, perform many other"
  },
  {
    "start": 650.692,
    "end": 653.662,
    "text": "actions that were previously the sole\ndomain of human operators."
  },
  {
    "start": 653.692,
    "end": 657.492,
    "text": "In the case of cyberattacks,\nthe tools might include password crackers,"
  },
  {
    "start": 657.552,
    "end": 660.392,
    "text": "scanners and other security-related\nsoftware."
  },
  {
    "start": 660.412,
    "end": 664.152,
    "text": "Because again,\nit's not all just GitHub MCPs."
  },
  {
    "start": 664.192,
    "end": 667.692,
    "text": "It can be all kind of tools you could, uh,\nexpose"
  },
  {
    "start": 667.752,
    "end": 671.572,
    "text": "to your, um, model or to the software\nthat uses"
  },
  {
    "start": 671.612,
    "end": 674.332,
    "text": "these models and\nthat runs these agentic tasks."
  },
  {
    "start": 674.412,
    "end": 678.152,
    "text": "So they got a nice diagram in this\narticle, but in the end"
  },
  {
    "start": 678.252,
    "end": 681.721,
    "text": "the attack played out relatively, uh,"
  },
  {
    "start": 681.771,
    "end": 685.122,
    "text": "simple. They,\nthey describe it in greater detail down"
  },
  {
    "start": 685.152,
    "end": 689.012,
    "text": "there. They convinced Claude Code to do"
  },
  {
    "start": 689.031,
    "end": 691.192,
    "text": "stuff it normally shouldn't be able to do."
  },
  {
    "start": 691.232,
    "end": 694.781,
    "text": "They had to convince Claude, which\nis extensively trained to avoid harmful"
  },
  {
    "start": 694.852,
    "end": 696.652,
    "text": "behaviors, to engage in the attack."
  },
  {
    "start": 696.672,
    "end": 700.652,
    "text": "They did so by jailbreaking it,\neffectively tricking it to bypass"
  },
  {
    "start": 700.672,
    "end": 704.452,
    "text": "its guardrails,\nand that's the part where Anthropic"
  },
  {
    "start": 704.472,
    "end": 708.332,
    "text": "back better, not just in Claude Code\nbut in the"
  },
  {
    "start": 708.452,
    "end": 712.292,
    "text": "models themselves,\nso on their API where they scan all the"
  },
  {
    "start": 712.332,
    "end": 716.142,
    "text": "requests that reach their models,\nso to say, and take"
  },
  {
    "start": 716.152,
    "end": 719.942,
    "text": "better... eh,\nthey try to do a better job at detecting"
  },
  {
    "start": 720.031,
    "end": 724.021,
    "text": "injections in the end because these\nattackers broke down their attacks into"
  },
  {
    "start": 724.112,
    "end": 727.962,
    "text": "small, seemingly innocent tasks\nthat Claude would execute without being"
  },
  {
    "start": 727.992,
    "end": 730.762,
    "text": "provided the full context of their\nmalicious purpose."
  },
  {
    "start": 730.762,
    "end": 734.712,
    "text": "They also told Claude that it\nwas an employee of a legitimate"
  },
  {
    "start": 734.732,
    "end": 738.632,
    "text": "cybersecurity firm and\nwas being used in defensive testing.That's"
  },
  {
    "start": 738.652,
    "end": 742.432,
    "text": "good old trick. I think that\nis how jailbreaking was already done two"
  },
  {
    "start": 742.492,
    "end": 745.722,
    "text": "years ago with the early ChatGPT models."
  },
  {
    "start": 745.812,
    "end": 749.692,
    "text": "Eh,\nyou tell it that you need this information"
  },
  {
    "start": 749.792,
    "end": 753.052,
    "text": "and it'll happily expose its system\nprompt."
  },
  {
    "start": 753.092,
    "end": 756.952,
    "text": "Kind of a simplification\nbut that's still how prompt injections can"
  },
  {
    "start": 756.972,
    "end": 760.802,
    "text": "days.\nThat you try to apply various techniques"
  },
  {
    "start": 760.832,
    "end": 764.692,
    "text": "are very interesting techniques\nwhen it comes to that,"
  },
  {
    "start": 764.972,
    "end": 768.232,
    "text": "eh,\nincluding the use of special tokens you"
  },
  {
    "start": 768.242,
    "end": 771.372,
    "text": "message to tr- to get the"
  },
  {
    "start": 771.472,
    "end": 774.822,
    "text": "model to generate output it normally\nshouldn't"
  },
  {
    "start": 774.872,
    "end": 777.972,
    "text": "generate.\nThe attackers then initiated the second"
  },
  {
    "start": 778.092,
    "end": 781.241,
    "text": "involved Claude code ins-\ninspecting the target organization's"
  },
  {
    "start": 781.272,
    "end": 784.692,
    "text": "So yeah,\nthat's then essentially what Claude code"
  },
  {
    "start": 784.732,
    "end": 788.652,
    "text": "did. Then with minimal human input, um, it"
  },
  {
    "start": 788.732,
    "end": 791.972,
    "text": "is in the end then used its agentic\ncapabilities, its"
  },
  {
    "start": 792.032,
    "end": 795.741,
    "text": "tools, to really, um,"
  },
  {
    "start": 795.832,
    "end": 799.812,
    "text": "scan networks, write code, and do all that"
  },
  {
    "start": 799.822,
    "end": 803.702,
    "text": "stuff without a human telling it exactly\nwhat to do."
  },
  {
    "start": 803.752,
    "end": 807.692,
    "text": "So, it was, as mentioned earlier, uh,\na fully or almost fully"
  },
  {
    "start": 807.752,
    "end": 811.292,
    "text": "automated attack. So,\nin the next phases of the attack, Claude"
  },
  {
    "start": 811.372,
    "end": 815.262,
    "text": "identified and tested security\nvulnerabilities in the target"
  },
  {
    "start": 815.352,
    "end": 818.392,
    "text": "systems by researching\nand writing its own exploit"
  },
  {
    "start": 818.512,
    "end": 822.252,
    "text": "code. Having done so, the framework\nwas able to use Claude to"
  },
  {
    "start": 822.292,
    "end": 825.952,
    "text": "harvest credentials, usernames\nand passwords that allowed it to further"
  },
  {
    "start": 825.972,
    "end": 828.192,
    "text": "then extract a large amount of private\ndata."
  },
  {
    "start": 828.232,
    "end": 832.192,
    "text": "So, it did really research,\nwrite the code to"
  },
  {
    "start": 832.252,
    "end": 835.982,
    "text": "get into systems, uh,\nof other companies and then in those"
  },
  {
    "start": 836.092,
    "end": 839.752,
    "text": "systems write more code to extract data,"
  },
  {
    "start": 839.852,
    "end": 843.362,
    "text": "um, and- and-\nand compromise these systems and- and- and"
  },
  {
    "start": 843.692,
    "end": 847.062,
    "text": "do bad stuff in there once it\nwas in there."
  },
  {
    "start": 847.092,
    "end": 850.952,
    "text": "The highest privileged accounts\nwere identified, backdoors"
  },
  {
    "start": 851.012,
    "end": 854.752,
    "text": "all the stuff that happened after it\nwas in the systems and data were exfil-"
  },
  {
    "start": 854.992,
    "end": 858.292,
    "text": "exfiltrated with minimal human\nsupervision."
  },
  {
    "start": 858.312,
    "end": 861.692,
    "text": "In a final phase,\nthe attackers had Claude produce"
  },
  {
    "start": 861.732,
    "end": 864.992,
    "text": "the attack,\ncreating helpful files with the stolen"
  },
  {
    "start": 865.112,
    "end": 868.712,
    "text": "analyzed which would assist the framework\nin planning the next stage of the"
  },
  {
    "start": 868.772,
    "end": 872.732,
    "text": "threats actor, eh,\nof the threat actor's cyber operations."
  },
  {
    "start": 872.792,
    "end": 876.412,
    "text": "Overall, the threat actor\nwas able to use AI to perform 80 to 90% of"
  },
  {
    "start": 876.432,
    "end": 880.292,
    "text": "campaign with human intervention required\nonly sporadically, perhaps four to"
  },
  {
    "start": 880.312,
    "end": 882.942,
    "text": "six critical decision points per hacking\ncampaign."
  },
  {
    "start": 882.992,
    "end": 886.952,
    "text": "That is nothing. That is nothing. That\nis such"
  },
  {
    "start": 887.032,
    "end": 890.652,
    "text": "a scale at which you can run these attacks\nand again, especially in a"
  },
  {
    "start": 890.732,
    "end": 894.552,
    "text": "future where you don't have to work\nagainst certain guardrails, where you can"
  },
  {
    "start": 894.712,
    "end": 898.552,
    "text": "just focus on getting the job done\nand you have to spend"
  },
  {
    "start": 898.612,
    "end": 900.462,
    "text": "energy on getting around guardrails."
  },
  {
    "start": 900.512,
    "end": 903.912,
    "text": "That is really a scary future.\nThis degree of"
  },
  {
    "start": 903.992,
    "end": 907.892,
    "text": "automation is really, really, uh, scary"
  },
  {
    "start": 907.902,
    "end": 909.902,
    "text": "here. Claude didn't always work perfectly."
  },
  {
    "start": 909.912,
    "end": 913.372,
    "text": "It occasionally hallucinated credentials\nor claimed to have extracted secret"
  },
  {
    "start": 913.392,
    "end": 915.742,
    "text": "information that was in fact publicly\navailable."
  },
  {
    "start": 915.792,
    "end": 919.782,
    "text": "This remains an obstacle to fully, uh,\nautonomous cyber attacks and this is"
  },
  {
    "start": 919.832,
    "end": 922.912,
    "text": "not just an obstacle for cyber attacks,\nthis is of course an obstacle for"
  },
  {
    "start": 922.972,
    "end": 926.752,
    "text": "everybody,\nfor us developers too because"
  },
  {
    "start": 926.812,
    "end": 930.672,
    "text": "problem and will stay a problem because as\nI mentioned before, it's so"
  },
  {
    "start": 930.732,
    "end": 933.832,
    "text": "easy to forget but these\nare token generation"
  },
  {
    "start": 934.032,
    "end": 936.981,
    "text": "machines. Always have been,\nalways will be."
  },
  {
    "start": 936.992,
    "end": 938.832,
    "text": "The large language models, I mean."
  },
  {
    "start": 938.872,
    "end": 942.772,
    "text": "They are generating tokens and they\nare generating"
  },
  {
    "start": 942.832,
    "end": 946.772,
    "text": "the most likely token as the next token\nbased on all the"
  },
  {
    "start": 946.782,
    "end": 950.172,
    "text": "tokens that came before it, and that\nis something that can and"
  },
  {
    "start": 950.272,
    "end": 953.232,
    "text": "always will have the danger of"
  },
  {
    "start": 953.252,
    "end": 956.832,
    "text": "hallucinating. So, that of course\nis a problem in"
  },
  {
    "start": 956.872,
    "end": 960.752,
    "text": "general. Good to see\nthat it can then also be helpful"
  },
  {
    "start": 960.832,
    "end": 964.532,
    "text": "when it comes to defending against\nmalicious tasks because"
  },
  {
    "start": 964.572,
    "end": 968.322,
    "text": "those also are hurt by hallucination\nbut of course that is a general"
  },
  {
    "start": 968.322,
    "end": 971.882,
    "text": "problem, uh, we face, uh,\nand it will not be a"
  },
  {
    "start": 971.912,
    "end": 974.602,
    "text": "significant, uh, defense mechanism"
  },
  {
    "start": 974.692,
    "end": 978.652,
    "text": "unfortunately. Because in the end\nif everything's automated, it's"
  },
  {
    "start": 978.732,
    "end": 982.322,
    "text": "just a question of scale and\nif some attacks fail because of"
  },
  {
    "start": 982.352,
    "end": 986.242,
    "text": "hallucination, well, does\nthat really matter if you can run"
  },
  {
    "start": 986.252,
    "end": 988.462,
    "text": "thousands of attacks in parallel?"
  },
  {
    "start": 988.532,
    "end": 991.682,
    "text": "I'm not sure it does.\nCybersecurity implications."
  },
  {
    "start": 991.712,
    "end": 995.492,
    "text": "The barriers to performing sophisticated\ncyber attacks have dropped"
  },
  {
    "start": 995.512,
    "end": 998.731,
    "text": "substantially and we predict\nthat they'll continue to do so."
  },
  {
    "start": 998.752,
    "end": 1002.492,
    "text": "With the correct setup,\nthreat actors can now use agentic AI"
  },
  {
    "start": 1002.512,
    "end": 1006.312,
    "text": "extended periods to do the work of entire\nteams of experienced hackers."
  },
  {
    "start": 1006.322,
    "end": 1010.152,
    "text": "So kind of the same thing\nthat applies to normal software"
  },
  {
    "start": 1010.212,
    "end": 1013.892,
    "text": "also be more productive with AI,\nand I got a video coming up on"
  },
  {
    "start": 1013.932,
    "end": 1017.632,
    "text": "way, just that that\nis the case for malicious tasks,"
  },
  {
    "start": 1017.692,
    "end": 1021.412,
    "text": "even worse because there you don't even\nhave to"
  },
  {
    "start": 1021.512,
    "end": 1024.642,
    "text": "care about things like code quality."
  },
  {
    "start": 1024.672,
    "end": 1028.082,
    "text": "Obviously you want to have a successful\nattack but in the end if everything's"
  },
  {
    "start": 1028.172,
    "end": 1031.732,
    "text": "automated,\nyou also can care a lot about just the"
  },
  {
    "start": 1031.832,
    "end": 1035.672,
    "text": "scale.\nAnd if you can automate thousands of"
  },
  {
    "start": 1035.732,
    "end": 1039.472,
    "text": "attacks to run in parallel,\nit doesn't really"
  },
  {
    "start": 1039.532,
    "end": 1043.512,
    "text": "matter to you if you might have code\nquality problems"
  },
  {
    "start": 1043.552,
    "end": 1047.132,
    "text": "or anything like that. So, uh,"
  },
  {
    "start": 1047.212,
    "end": 1051.132,
    "text": "already with the systems today where you\ncould argue about potential"
  },
  {
    "start": 1051.252,
    "end": 1055.182,
    "text": "problems they have\nwhen it comes to generating code,"
  },
  {
    "start": 1055.252,
    "end": 1058.682,
    "text": "matter for attacks like this because you\nneed a result that's just good"
  },
  {
    "start": 1058.732,
    "end": 1062.672,
    "text": "enough. And again, chances\nare definitely high that results"
  },
  {
    "start": 1062.712,
    "end": 1066.652,
    "text": "will also get better in the future\nand we'll be dealing with systems"
  },
  {
    "start": 1066.662,
    "end": 1070.232,
    "text": "that don't even have guardrails.\nAnd as they say here, less"
  },
  {
    "start": 1070.272,
    "end": 1073.712,
    "text": "experienced and resourced groups can now\npotentially perform"
  },
  {
    "start": 1073.732,
    "end": 1076.932,
    "text": "large-scale, uh, attacks of this nature."
  },
  {
    "start": 1077.002,
    "end": 1080.652,
    "text": "This attack is an escalation even on the\nvibe hacking findings we"
  },
  {
    "start": 1080.692,
    "end": 1084.621,
    "text": "reported this summer. In those operations,\nhumans were much, uh, still in"
  },
  {
    "start": 1084.652,
    "end": 1087.572,
    "text": "the loop, uh, directing the operations."
  },
  {
    "start": 1087.652,
    "end": 1089.492,
    "text": "Here, human involvement was much less"
  },
  {
    "start": 1089.552,
    "end": 1093.032,
    "text": "frequent. And although we have"
  },
  {
    "start": 1093.052,
    "end": 1096.972,
    "text": "visibility into Claude usage,\nthis case study probably reflects"
  },
  {
    "start": 1097.012,
    "end": 1100.892,
    "text": "of behavior across frontier AI models\nand demonstrates how threat actors"
  },
  {
    "start": 1100.932,
    "end": 1104.702,
    "text": "are adapting their operations. By the way,\nthis is one case that was"
  },
  {
    "start": 1104.752,
    "end": 1108.625,
    "text": "caught by Anthropic... not sure\nif all the cases are being caught, also"
  },
  {
    "start": 1108.716,
    "end": 1112.656,
    "text": "by Google, um, OpenAI and so on.\nThis raises"
  },
  {
    "start": 1112.676,
    "end": 1116.176,
    "text": "an important question.\nIf AI models can be misused for"
  },
  {
    "start": 1116.186,
    "end": 1119.146,
    "text": "scale, why continue to develop\nand release them?"
  },
  {
    "start": 1119.156,
    "end": 1123.136,
    "text": "The answer is that very, that very, a-\nabilities that allow Claude to be used in"
  },
  {
    "start": 1123.176,
    "end": 1126.005,
    "text": "these attacks also make it crucial for\ncyber defense."
  },
  {
    "start": 1126.035,
    "end": 1129.466,
    "text": "Well, (smacks lips) uh,\nthat's kind of a weak argument, I'll say,"
  },
  {
    "start": 1129.495,
    "end": 1133.406,
    "text": "because if you have one thing\nthat makes a problem much"
  },
  {
    "start": 1133.436,
    "end": 1137.326,
    "text": "bigger, saying, \"Yeah,\nbut it can also help with the solution,\""
  },
  {
    "start": 1137.376,
    "end": 1141.116,
    "text": "kind of bad, right? So, uh, I-\nI'm not really"
  },
  {
    "start": 1141.176,
    "end": 1144.505,
    "text": "sure about that.\nIf we would not have these models..."
  },
  {
    "start": 1144.535,
    "end": 1147.636,
    "text": "And just to be clear, that\nis not (laughs) something that's going to"
  },
  {
    "start": 1147.656,
    "end": 1151.636,
    "text": "But if we would not have them,\nit would probably be better than"
  },
  {
    "start": 1151.716,
    "end": 1155.636,
    "text": "in the context of cyberattacks\nand defense because"
  },
  {
    "start": 1155.645,
    "end": 1158.396,
    "text": "will always be one step, uh, behind."
  },
  {
    "start": 1158.476,
    "end": 1162.416,
    "text": "So, uh,\nI definitely see these tools more as an"
  },
  {
    "start": 1162.456,
    "end": 1166.055,
    "text": "advantage for the attackers\nand a big disadvantage, uh, for"
  },
  {
    "start": 1166.136,
    "end": 1169.436,
    "text": "the, uh, companies\nthat have to defend against these attacks."
  },
  {
    "start": 1169.456,
    "end": 1173.356,
    "text": "So that's kind of a weak argument.\nMy argument would be, it doesn't"
  },
  {
    "start": 1173.476,
    "end": 1177.015,
    "text": "matter if Anthropic, OpenAI and so on"
  },
  {
    "start": 1177.055,
    "end": 1180.696,
    "text": "continue developing AI models,\nand obviously they will, just to be very"
  },
  {
    "start": 1180.755,
    "end": 1184.596,
    "text": "clear.\nAnd there are way more arguments to be"
  },
  {
    "start": 1184.666,
    "end": 1188.275,
    "text": "cybersecurity. This is just one very i-\nimportant and problematic"
  },
  {
    "start": 1188.336,
    "end": 1192.035,
    "text": "field, but there are tons of discussions,\nincluding philosophical"
  },
  {
    "start": 1192.096,
    "end": 1196.055,
    "text": "discussions we could have about AI and\nif it's good that it's there or"
  },
  {
    "start": 1196.116,
    "end": 1199.396,
    "text": "not, but they all don't matter. It\nis there, it will stay there,"
  },
  {
    "start": 1199.436,
    "end": 1202.416,
    "text": "these companies will continue to develop\nthese models."
  },
  {
    "start": 1202.436,
    "end": 1205.456,
    "text": "And even if they wouldn't,\nthe technology is there."
  },
  {
    "start": 1205.495,
    "end": 1209.356,
    "text": "Bad actors will have access to their own\nmodels in the"
  },
  {
    "start": 1209.396,
    "end": 1213.136,
    "text": "future. It does not matter at all\nif companies like Anthropic or"
  },
  {
    "start": 1213.235,
    "end": 1217.055,
    "text": "OpenAI continue. The technology\nis there and the"
  },
  {
    "start": 1217.096,
    "end": 1220.456,
    "text": "problems with it are also there,\ntherefore, and they will stay"
  },
  {
    "start": 1220.515,
    "end": 1224.495,
    "text": "here. That would be my argument.\nThis argument here doesn't make"
  },
  {
    "start": 1224.515,
    "end": 1228.285,
    "text": "too much sense to me. And therefore,\ndefinitely scary."
  },
  {
    "start": 1228.376,
    "end": 1231.696,
    "text": "A scary world also from a cybersecurity\nperspective."
  },
  {
    "start": 1231.795,
    "end": 1235.636,
    "text": "As I mentioned, I only see that, uh,\nbecoming worse"
  },
  {
    "start": 1235.755,
    "end": 1239.076,
    "text": "in the future, and therefore,\nmaybe a career in"
  },
  {
    "start": 1239.176,
    "end": 1242.815,
    "text": "cybersecurity is worth a second look\nbecause yeah, that will"
  },
  {
    "start": 1242.856,
    "end": 1244.156,
    "text": "be important."
  }
]