It's from the link I posted. Claude's own team in January trying to do exactly what you suggested and ending with results that are less than promising. It's their blog. I assumed it represented the pinnacle of their research.
replyWe're getting a point where anecdotes are being used in place of reason. I'd think you want to ask "how many bug bounties are earned by humans vs AI assistants?" If there's money to be made in finding 0-days then shouldn't there be ample evidence of this?
You can see now that you assumed wrong.
replyNo. I can't. That's the point. You've not disclosed what you've done, the link you provided contains locked disclosures I can't access but which appear all to be submitted by humans, and the article itself contains a giant problem, it didn't discover anything, it merely crafted a POC from an existing CVE.
replyWhich is why I'm confused. A limited number of particular people say there's this giant sea change. I cannot find any hard evidence that's true.
If anthropic blog was trying to _sell me_ on their service they failed miserably. So I guess my assumption can, at least, safely be, they have no idea how to market their own product.
The Firefox team has acknowledged the vulnerabilities, which are obviously not "greps for strcat" as you claimed. I mean, you've been refuted; I don't really understand what the argument is supposed to be at this point.
reply