Risky Bulletin

Srsly Risky Biz: America's next top (cyber) model

Apr 2, 2026
Tom Uren, a policy and intelligence editor focused on cybersecurity and conflict tech, describes how AI models now autonomously uncover serious software vulnerabilities. He explains why multiple top AI systems matter for state cyber work. He also talks about Ubiquiti gear replacing Starlink in the Russia–Ukraine fighting and the supply-chain issues that enabled it.
INSIGHT

AI Models Rapidly Discover Hidden Vulnerabilities

  • AI models like Claude can autonomously find previously unknown vulnerabilities in well-tested open source projects.
  • Nicholas Carlini used Claude to locate hundreds of bugs with minimal prompts, showing models now perform deep code reasoning rather than simple fuzzing.
INSIGHT

Models Can Chain Logic To Create Exploits

  • Claude not only found vulnerabilities but also crafted exploitation scripts, for example for blind SQL injection and complex Linux kernel RCE scenarios.
  • These attack chains were previously hard to automate because they require stitching together separate code paths and logical reasoning.
ADVICE

Do Not Cut Off AI Tools From National Cyber Teams

  • Governments and defence agencies should ensure access to multiple top AI models rather than banning vendors abruptly.
  • Tom Uren argues losing access handicaps NSA/Cyber Command because vulnerability discovery is core to both offensive and defensive roles.