I saw an AI agent trying to hack my atmosphere coded website
A few weeks Previously, I saw a small team. artificial intelligence The agent is spending around 10 minutes trying to hack my new vibe coded website.
The AI agents, developed by Startup Runsybil, worked together to investigate poor sites to identify weaknesses. An orchestrator agent called Sybil oversees several more specialized agents, all with a combination of custom language models and ready-made APIs.
Traditional vulnerability scanner probes for certain known issues can work at a higher level to grasp weaknesses using artificial intuition. For example, a guest user has privileged access (something that a regular scanner might have missed, and you can use it to build an attack.
Ariel Herbert-Voss, CEO and co-founder of Runsybil, says the increasingly competent AI model is likely to revolutionize both offensive and defensive cybersecurity. “We will definitely argue that we are at the pinnacle of the explosion of technology in terms of the ability to be available to both bad and good actors,” Herbert Voss told me. “Our mission is to build next-generation attack security tests to help everyone catch up.”
Sybil’s targeted website has recently been useful for organizing new AI research papers using Claude Code. The site I call arxiv slurper It consists of backend servers that access ARXIV.Most AI research has been posted– Using some other resources, look up the paper summary for words such as “novel”, “first”, “amazing”, and some technical terms that I’m interested in. It’s a work in progress, but I was impressed by how easy it is to put together some potentially useful things together, even if you need to fix some bugs and configuration issues by hand.
However, the key issue with this type of atmospheric code site is that it is difficult to know what types of security vulnerabilities have been introduced. So when I spoke to Herbert Voss about Civil, I decided to ask if it could test my new site for weaknesses. Thankfully, only because my site is very basic, Sybil couldn’t find any vulnerabilities.
Herbert-Voss says that most vulnerabilities tend to be the result of more complex features, such as forms, plugins, and encryption features. I saw the same agent attempting to investigate Dummy eCommerce website A known vulnerability owned by Herbert-Voss. Sybil was probed for weak spots by mapping applications and how they access them, manipulating parameters and testing edge cases, then investigated for weak spots by escalating findings, hypotheses, and what makes sense a reality break. In this case, we have identified a way to hack the site. Unlike humans, Herbert Voss says that Sybil runs these processes in parallel, never missing out on the details and never stops. “The outcome is something that acts like a veteran attacker, but works with machine accuracy and scale,” he says.
“Ai-powered pentests are a promising direction that could have a huge advantage in defense systems,” said Lujo Bauer, a computer scientist at Carnegie Mellon University (CMU), who specializes in AI and computer security. Bauer recently co-authored the study With others at CMU and researchers from AI Company Humanity exploring the promise of AI penetration testing. Researchers have discovered that the most sophisticated commercial models cannot perform network attacks, but they have developed systems that set high-level targets, such as network scans and infecting hosts, and are now able to perform penetration tests.