larrymcp | 2 months ago

Can anyone elaborate on what they're referring to here?

> GPT‑5.2-Codex has stronger cybersecurity capabilities than any model we’ve released so far. These advances can help strengthen cybersecurity at scale, but they also raise new dual-use risks that require careful deployment.

I'm curious what they mean by the dual-use risks.

dpoloncsak|2 months ago

"Please review this code for any security vulnerabilities" has two very different outcomes depending on if it's the maintainer or threat actor prompting the model.

runtimepanic|2 months ago

“Dual-use” here usually isn’t about novel attack techniques, but about lowering the barrier to execution. The same improvements that help defenders reason about exploit chains, misconfigurations, or detection logic can also help an attacker automate reconnaissance, payload adaptation, or post-exploitation analysis. Historically, this shows up less as “new attacks” and more as speed and scale shifts. Things that required an experienced operator become accessible to a much wider audience. That’s why deployment controls, logging, and use-case constraints matter as much as the raw capability itself.

pixl97|2 months ago

Finding/patching exploits means you also can exploit them better?

throwaway127482|2 months ago

They did some interesting wordsmithing here to cover their ass without saying it directly.

baq|2 months ago

Probably that it's good on tasks of either color team, red or blue - and if it is, it means you can automate some... interesting workflows.

tgtweak|2 months ago

Good at finding/fixing security vulnerabilities = Good at finding/exploiting security vulnerabilities.

szundi|2 months ago

[deleted]