I’m scared about the future of security

· video · Source ↗

Summary based on the YouTube transcript and episode description.

Theo (t3.gg) argues AI has ended the era of security-through-obscurity as frontier models now find and chain real zero-days faster than defenders can patch them.

  • OpenAI silently downgrades security-related requests from GPT-5.3/5.4 to 5.2 because the newer models are too capable at exploit development.
  • Claude Opus 4.6 found 22 Firefox vulnerabilities in pre-release testing; Anthropic partnered with Mozilla specifically to front-run public exploit discovery.
  • Nicholas Carlini (Anthropic red team) used a trivial bash loop with a single Claude Code prompt to generate 500 validated high-severity vulnerabilities across real codebases.
  • GPT-5.4 Pro solved an unsolved Defcon Gold Bug CTF puzzle (C-shanty) in ~16 minutes with no internet access and no prior solutions online.
  • AI agents found a broadly exploitable SQL injection in Ghost CMS and all recent React/Next.js CVEs were AI-discovered.
  • Security has never been truly safe code — only code where no one had enough attention to find the bugs; AI eliminates the attention scarcity that made this tolerable.
  • A leaked Anthropic blog post about an unreleased model (Mythos) explicitly flagged near-term cybersecurity risk as requiring extra pre-release red-teaming.

2026-04-10 · Watch on YouTube