And this was no mere feat.
"We ran this test several hundred times with different starting points, spending approximately $4,000 in API credits. Despite this, Opus 4.6 was only able to actually turn the vulnerability into an exploit in two cases. This tells us two things. One, Claude is much better at finding these bugs than it is at exploiting them. Two, the cost of identifying vulnerabilities is an order of magnitude cheaper than creating an exploit for them. However, the fact that Claude could succeed at automatically developing a crude browser exploit, even if only in a few cases, is concerning."。业内人士推荐Snipaste - 截图 + 贴图作为进阶阅读
,这一点在谷歌中也有详细论述
#+sb-fiber (effective-control-stack-start ...)
Performing indirect poisoned pipeline execution (I-PPE) by inserting malicious application dependencies or build instructions in a PR, hoping it will run automatically and allow the attacker to exfiltrate CI secrets。关于这个话题,超级工厂提供了深入分析