If true, this seems like a massive win in the long run, obvious risks aside.
I’ve been using a simple Claude prompt to review team PRs specifically looking for IDORs, XSS, SQL injection, etc. and it’s been really solid so far. Every once in a while it turns up a false-positive, but the signal-to-noise ratio has been excellent.
With the automated exploit frameworks out there, it seems like a logical next step to throw a frontier model at a codebase and let it pentest all day long.
I’ve been using a simple Claude prompt to review team PRs specifically looking for IDORs, XSS, SQL injection, etc. and it’s been really solid so far. Every once in a while it turns up a false-positive, but the signal-to-noise ratio has been excellent.
With the automated exploit frameworks out there, it seems like a logical next step to throw a frontier model at a codebase and let it pentest all day long.