moyix commented on 'World Models,' an old idea in AI, mount a comeback   quantamagazine.org/world-... · Posted by u/warrenm
AnotherGoodName · 4 months ago
AlphaGo (and Stockfish, which another commenter mentioned) still has to search ahead using a world model. The AI training just helps with the heuristics for pruning and evaluation of that search.

The big fundamental blocker to a generic ‘can play any game’ AI is the manual implementation of the world model. If you read the AlphaGo paper you’ll see ‘we started with nothing but an implementation of the game rules’. That’s the part we’re missing. It’s done by humans.

moyix · 4 months ago
Note that MuZero did better than AlphaGo, without access to preprogrammed rules: https://en.wikipedia.org/wiki/MuZero
moyix commented on Passkeys are just passwords that require a password manager   danfabulich.medium.com/pa... · Posted by u/dfabulich
drdaeman · 5 months ago
The article looks like either the author knows something I don't (but fails to link any source for their claims), or it is a bunch of misinformation.

> Passkeys are randomly generated passwords that are required to be managed by a password manager.

This is not correct. Passkeys are keypairs, and unlike shared secrets (like passwords) they do not require private key material to ever be revealed to the remote system. That's the whole point of WebAuthn - so servers never ever possibly see any secret credentials.

Otherwise - yes - they're random-looking blobs of data that are handled by special software (which can be a password manager, but is not limited to password managers - e.g. an HSM like a Yubikey can be used without any password management software), but that's where the similarity ends.

> Passkeys can be public/private keypairs, or they can just be secret passwords.

To the best of my awareness, this is incorrect. I'm really curious where this idea comes from. In my understanding of the WebAuthn spec it's all about public-key cryptography; attestations always use PublicKeyCredential. I'm not aware of any way to use a static token instead. Maybe it's possible to bastardize the standard somehow, but I doubt it's a real concern.

> Password managers provide no way for you to copy and paste your passkeys.

This is only partially true. Nothing in the spec, all up to implementers. At least KeePassXC sure provides a way to access your data: https://github.com/keepassxreboot/keepassxc/issues/10407. Other software behavior may vary.

> A passkey manager is morally required to do an extra factor of authentication [...] but the site/app has no way of knowing/proving whether that happened

This is partially correct. There is attestation in WebAuthn, but to the best of my awareness it's something frowned upon, so IMHO it's best if we all pretend it doesn't exist. If attestation is not required (which is AFAIK how most WebAuthn-supporting services operate), it's up to the user to decide how they secure their system. And that's a good thing (YMMV), because it allows the end user to have freedom of choice.

moyix · 5 months ago
There's also a FIDO standard in the works for how to export passkeys: https://blog.1password.com/fido-alliance-import-export-passk...
moyix commented on XBOW, an autonomous penetration tester, has reached the top spot on HackerOne   xbow.com/blog/top-1-how-x... · Posted by u/summarity
ikmckenz · 6 months ago
moyix · 6 months ago
The main difference is that all of the vulnerabilities reported here are real, many quite critical (XXE, RCE, SQLi, etc.). To be fair there were definitely a lot of XSS, but the main reason for that is that it's a really common vulnerability.
moyix commented on XBOW, an autonomous penetration tester, has reached the top spot on HackerOne   xbow.com/blog/top-1-how-x... · Posted by u/summarity
ryandrake · 6 months ago
Receiving hundreds of AI generated bug reports would be so demoralizing and probably turn me off from maintaining an open source project forever. I think developers are going to eventually need tools to filter out slop. If you didn’t take the time to write it, why should I take the time to read it?
moyix · 6 months ago
All of these reports came with executable proof of the vulnerabilities – otherwise, as you say, you get flooded with hallucinated junk like the poor curl dev. This is one of the things that makes offensive security an actually good use case for AI – exploits serve as hard evidence that the LLM can't fake.
moyix commented on XBOW, an autonomous penetration tester, has reached the top spot on HackerOne   xbow.com/blog/top-1-how-x... · Posted by u/summarity
tptacek · 6 months ago
J'accuse! You were required to do a paper for BH anyways! :)
moyix · 6 months ago
Wait a sec, I thought they were optional?

> White Paper/Slide Deck/Supporting Materials (optional)

> • If you have a completed white paper or draft, slide deck, or other supporting materials, you can optionally provide a link for review by the board.

> • Please note: Submission must be self-contained for evaluation, supporting materials are optional.

> • PDF or online viewable links are preferred, where no authentication/log-in is required.

(From the link on the BHUSA CFP page, which confusingly goes to the BH Asia doc: https://i.blackhat.com/Asia-25/BlackHat-Asia-2025-CFP-Prepar... )

moyix commented on XBOW, an autonomous penetration tester, has reached the top spot on HackerOne   xbow.com/blog/top-1-how-x... · Posted by u/summarity
tptacek · 6 months ago
You should publish the paper quietly here (I'm a Black Hat reviewer, FWIW) so people can see where you're coming from.

I know you've been on HN for a while, and that you're doing interesting stuff; HN just has a really intense immune system against vendor-y stuff.

moyix · 6 months ago
Yeah, it's been very strange being on the other side of that after 10 years in academia! But it's totally reasonable for people to be skeptical when there's a bunch of money sloshing around.

I'll see if I can get time to do a paper to accompany the BH talk. And hopefully the agent traces of individual vulns will also help.

moyix commented on XBOW, an autonomous penetration tester, has reached the top spot on HackerOne   xbow.com/blog/top-1-how-x... · Posted by u/summarity
jamessinghal · 6 months ago
Yes, I'm sure anyone with more HackerOne experience can give specifics on the companies' policies. For now, those are the most objective measures of quality we have on the reports.
moyix · 6 months ago
This is discussed in the post – many came down to individual programs' policies e.g. not accepting the vulnerability if it was in a 3rd party product they used (but still hosted by them), duplicates (another researcher reported the same vuln at the same time; not really any way to avoid this), or not accepting some classes of vuln like cache poisoning.
moyix commented on XBOW, an autonomous penetration tester, has reached the top spot on HackerOne   xbow.com/blog/top-1-how-x... · Posted by u/summarity
radialstub · 6 months ago
Do you have sources for if we want to learn more?
moyix · 6 months ago
We've got a bunch of agent traces on the front page of the web site right now. We also have done writeups on individual vulnerabilities found by the system, mostly in open source right now (we did some fun scans of OSS projects found on Docker Hub). We have a bunch more coming up about the vulns found in bug bounty targets. The latter are bottlenecked by getting approval from the companies affected, unfortunately.

Some of my favorites from what we've released so far:

- Exploitation of an n-day RCE in Jenkins, where the agent managed to figure out the challenge environment was broken and used the RCE exploit to debug the server environment and work around the problem to solve the challenge: https://xbow.com/#debugging--testing--and-refining-a-jenkins...

- Authentication bypass in Scoold that allowed reading the server config (including API keys) and arbitrary file read: https://xbow.com/blog/xbow-scoold-vuln/

- The first post about our HackerOne findings, an XSS in Palo Alto Networks GlobalProtect VPN portal used by a bunch of companies: https://xbow.com/blog/xbow-globalprotect-xss/

moyix commented on XBOW, an autonomous penetration tester, has reached the top spot on HackerOne   xbow.com/blog/top-1-how-x... · Posted by u/summarity
bgwalter · 6 months ago
"XBOW is an enterprise solution. If your company would like a demo, email us at info@xbow.com."

Like any "AI" article, this is an ad.

If you are willing to tolerate a high false positive rate, you can as well use Rational Purify or various analyzers.

moyix · 6 months ago
You should come to my upcoming BlackHat talk on how we did this while avoiding false positives :D

https://www.blackhat.com/us-25/briefings/schedule/#ai-agents...

moyix commented on Too Many Open Files   mattrighetti.com/2025/06/... · Posted by u/furkansahin
xorvoid · 7 months ago
The real fun thing is when the same application is using “select()” and then somewhere else you open like 5000 files. Then you start getting weird crashes and eventually trace it down to the select bitset having a hardcoded max of 4096 entries and no bounds checking! Fun fun fun.
moyix · 7 months ago
I made a CTF challenge based on that lovely feature of select() :D You could use the out-of-bounds bitset memory corruption to flip bits in an RSA public key in a way that made it factorable, generate the corresponding private key, and use that to authenticate.

https://threadreaderapp.com/thread/1723398619313603068.html
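
The defensive side of the select() problem discussed in the two comments above, as an added example that is not part of the thread and not the CTF challenge's code: `FD_SET()` performs no range check against `FD_SETSIZE`, so either check the descriptor before touching the bitset or use `poll()`, which takes an array instead of a fixed-size bitmap. The helper names `checked_fd_set` and `wait_readable` are hypothetical, and the pipe in `main` is constructed demo input.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* Hypothetical helper: FD_SET() does no range check, so do it here.
 * Returns 0 on success, -1 (errno = EINVAL) if fd does not fit in fd_set. */
int checked_fd_set(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE) {
        errno = EINVAL;
        return -1;
    }
    FD_SET(fd, set);
    return 0;
}

/* Hypothetical helper: poll() takes an array of descriptors, not a
 * fixed-size bitmap, so the descriptor's numeric value does not matter.
 * Returns 1 if readable, 0 on timeout, -1 on error. */
int wait_readable(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int r;
    do {
        r = poll(&p, 1, timeout_ms);
    } while (r < 0 && errno == EINTR);
    if (r <= 0)
        return r;
    return (p.revents & (POLLIN | POLLHUP)) ? 1 : -1;
}

int main(void)
{
    int pfd[2];
    fd_set rd;
    FD_ZERO(&rd);
    if (pipe(pfd) != 0)   /* constructed sample input: a local pipe */
        return 1;
    printf("FD_SETSIZE = %d\n", FD_SETSIZE);
    printf("fd %d in range: %d\n", pfd[0], checked_fd_set(pfd[0], &rd));
    printf("fd %d rejected: %d\n", FD_SETSIZE, checked_fd_set(FD_SETSIZE, &rd));
    printf("empty pipe: %d\n", wait_readable(pfd[0], 0));
    if (write(pfd[1], "x", 1) != 1)
        return 1;
    printf("after write: %d\n", wait_readable(pfd[0], 0));
    return 0;
}
```

A process whose open-file limit is raised above `FD_SETSIZE` can receive descriptors that the first helper rejects, which is the situation where unchecked `FD_SET()` calls corrupt adjacent memory.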

u/moyix

Karma: 5292 · Cake day: October 22, 2009
About
Building AI agents for offensive security at XBOW. Follow me as @moyix on twitter.

[ my public key: https://keybase.io/moyix; my proof: https://keybase.io/moyix/sigs/V3JmdAynroihDrQHMzQhfzdrddq_3COt1_AkHFDcbRM ]
