
"Sybil uses a mix of different AI models, as well as a few proprietary technical tricks, to scan computer systems for issues that hackers might exploit, like an unpatched server or a misconfigured database. In this case, Sybil flagged a problem with the customer's deployment of federated GraphQL, a language used to specify how data is accessed over the web through application programming interfaces (APIs). The issue meant that the customer was inadvertently exposing confidential information."
"What puzzled Ionescu and Herbert-Voss was that spotting the issue required a remarkably deep knowledge of several different systems and how those systems interact. RunSybil says it has since found the same problem with other deployments of GraphQL, before anybody else made it public. "We scoured the internet, and it didn't exist," Herbert-Voss says. "Discovering it was a reasoning step in terms of models' capabilities, a step change.""
Vlad Ionescu and Ariel Herbert-Voss cofounded RunSybil and built Sybil, an AI tool that combines multiple models with proprietary techniques to scan systems for exploitable issues such as unpatched servers or misconfigured databases. Sybil identified a deployment flaw in federated GraphQL that exposed confidential data, a finding that required reasoning across several interacting systems. RunSybil later found the same flaw in other GraphQL deployments before it was publicly disclosed. Advances in simulated reasoning and agentic AI have improved models' ability to find zero-day bugs and vulnerabilities; the same capabilities serve defenders and attackers alike, which raises the risk of malicious use.
Read at WIRED