π« MY COURSES Sign-up for my FREE 3-Day C Course: https://lowlevel.academy π§ββοΈ HACK YOUR CAREER Wanna learn to hack? Join my new CTF platform: https://stacksmash.io β¨οΈ KEYBOARD Like what you hear? Grab a Q5 at https://go.lowlevel.tv/keyboard π₯COME HANG OUT Check out my other stuff: https://lowlevel.tv
ADVERTISEMENT
Imagine just vibing with an AI and figuring this outπ I love the creativity of people it really is something fascinating
Kinda of crazy that we canβt trust it with passwords. But we trust it in defense systems, software programming for important websites and databases and much more.
The fact the api, publicly facing ai agent accesses, allows unauthenticated users to change emails is insane
I'm so sick and tired of AI. I wish we could go back in time and never have deployed AI in our lives. This is worse than the pandemic
The worst part is, if Meta replaced their support line with AI, this is the HUMANS that could've prevented this hack, that are probably out of their previous job rn.
This is abysmal, not having basic access control on an MCP server is hilariously bad. It's basically an API but for AI, and all of the same security best practices still apply.
soon to come: AI in nuclear defense systems
Corporations and the public are like lemmings following the flute player off of the cliff. "Hey everyone! Here's this flashy new toy! Let's all play with it!"
Kinda reminds me of the F12 'hack' a few years ago where the gov leaked sensitive data to the client side console 'encrypted' in base64. They argued in court that, though maybe not a strong encryption, it was still illegal to crack. It is arguable if using a system as intended is even hacking. I mean if a dev wrote a 'give me that account pretty please' button and I clicked it, is that hacking?
RE: 8:25 - I'm a full-stack web dev that uses AI all the time, but my co-workers and I understand that it's just an advance auto-complete. It's great for writing unit tests for example. I can look at a function and write the 4 or 5 test cases myself, or I can copy/paste it and have AI write the test cases for me. It's never exactly right, but it get's me 90% of the way there. A few adjustments later, usually variable names, project specific file pathing, maybe changing the asserts, and it's done in just a minute or two. For front-end, I usually just use it to find out why the hell some style inheritance is or isn't working like I expected. π€£
6:41, no, please dont move on from your life
1:57 social engineering of AI
4:22 Epic montage starts here
You need to get your glasses adjusted π€
"password plz" meta ai:
Ty for leaning forward for emphasis, btw, I wasn't really fully engaged until that moment <3
"I have over 600 passwords in my password manager. And they're all 16-char random, therefore completely secure. So I just set the master password to 'password'." - Meta Security Manager
2:25 we shouldn't really call this hacking. It needs a different name.
Hacker: Can I have this account? AI: YESβ€
0:40 we all know that nothing happens until you're on vacation or finally get to rest.