this post was submitted on 08 Apr 2026
246 points (84.7% liked)

Technology

83631 readers
3435 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
246
Anthropic says its latest AI model is too powerful for public release and that it broke containment during testing (www.businessinsider.com)
submitted 1 day ago by return2ozma@lemmy.world to c/technology@lemmy.world
147 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] girsaysdoom@sh.itjust.works 8 points 1 day ago (5 children)

I would love to see the exploit. There are vulnerabilities discovered everyday that amount to very little in terms of use in real world implementations.

[–] jj4211@lemmy.world 6 points 19 hours ago (4 children)

Yes, recently we got a security "finding" from a security researcher.

His vulnerability required first for someone to remove or comment out calls to sanitize data and then said we had a vulnerability due to lack of sanitation....

Throughout my career, most security findings are like this, useless or even a bit deceitful. Some are really important, but most are garbage.

[–] toddestan@lemmy.world 1 points 17 hours ago (1 children)

It may not be completely crazy, depending on context. With something like a web app, if data is being sanitized in the client-side Javascript, someone malicious could absolutely comment that out (or otherwise bypass it).

With that said, many consultant-types are either pretty clueless, or seem to feel like they need to come up with something no matter how ridiculous to justify the large sums of money they charged.

[–] jj4211@lemmy.world 2 points 11 hours ago

In this case, there was file a, which is the backend file responsible for intake and sanitation. Depending on what's next, it might go on to file b or file c. He modified file a.

His rationale was that every single backend file should do sanitation, because at some future point someone might make a different project and take file b and pair it with some other intake code that didn't sanitize.

I know all about client side being useless for meaningful security enforcement.

load more comments (2 replies)
load more comments (2 replies)