Several weeks I came back that a petite team of artificial intelligence agents spends about 10 minutes, trying to break into my up-to-date site coded by the climate.
AI agents, developed by startup Rusybil, worked together to examine my weakness to identify delicate places. An orchestra agent called Sybil, supervises several more specialized agents powered by a combination of custom language models and real estate.
While conventional susceptibility scanners to certain known problems, Sybil is able to act at a higher level, using artificial intuition to determine weakness. For example, he can determine that the user of the guest has privileged access – something that may miss a regular scanner – and operate it to build an attack.
Ariel Herbert-Voss, general director and co-founder of Runsybil, claims that more and more talented AI models will probably revolutionize both offensive and defensive cyber security. “I would claim that we are definitely on the border of the technology explosion in terms of the possibilities that both bad and good actors can use,” Herbert-Voss told me. “Our mission is to build the next generation of offensive security tests to help everyone keep up.”
The site targeted at Sybil was the one I have recently created using Claude code to assist me sort up-to-date AI research articles. The page I am calling Axiv Slurper It consists of a background server that gains access to ARXIV – where most AI research is published – along with several other resources, combing paper summaries for words such as “novel”, “first”, “surprising”, as well as some technical conditions that interest me. It is work in progress, but I was impressed with how effortless it was that it was something potentially useful, even if I have a few mistakes and configuration.
The key problem with this type of site coded on the atmosphere is, however, that it is complex to know what types of locks in the field of safety you can introduce. So when I talked to Herbert-Voss about Sybil, I decided to ask if he could test my up-to-date page for weakness. Fortunately, and only because my site is so extremely basic, Sybil found no gaps.
Herbert-Voss claims that most gaps are the result of more sophisticated functionalities, such as forms, plugins and cryptographic features. We watched the same agents tried to probe ECOMMERCE mannequin website with known gaps belonging to Herbert-Voss. Sybil built a map of the application and the method of its access, probed in terms of delicate places by manipulating parameters and testing of the edge cases, and then combined the arrangements, testing hypotheses and escalation until he breaks something significant. In this case, he identified the ways of hacking the site. Unlike man, Herbert-Voss claims that Sybil performs thousands of these processes in parallel, does not miss the details and does not end. “The result is something that behaves like an experienced attacker, but works with precision and scale of the machine,” he says.
“Testing a pen with AI is a promising direction that can bring significant benefits for the defense of systems,” says Lujo Bauer, IT specialist at Carnegie Mellon University (CMU), who specializes in AI and computer security. Baauer recently co -author test With others from CMI and AI Company Anthropic researcher, who examines the promise of testing AI penetration. Scientists have found that the most advanced commercial models could not perform network attacks, but they developed a system that sets up high -level goals, such as network scanning or infecting the host, which enabled them to conduct penetration tests.