Close Menu
Technology Mag

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Sonos’ smart assistant is expanding from music to home control

    August 6, 2025

    Google Will Use AI to Guess People’s Ages Based on Search History

    August 6, 2025

    Microsoft makes OpenAI’s new open model available on Windows

    August 6, 2025
    Facebook X (Twitter) Instagram
    Subscribe
    Technology Mag
    Facebook X (Twitter) Instagram YouTube
    • Home
    • News
    • Business
    • Games
    • Gear
    • Reviews
    • Science
    • Security
    • Trending
    • Press Release
    Technology Mag
    Home » I Watched AI Agents Try to Hack My Vibe-Coded Website
    Business

    I Watched AI Agents Try to Hack My Vibe-Coded Website

    News RoomBy News RoomAugust 6, 20253 Mins Read
    Facebook Twitter Pinterest LinkedIn Reddit WhatsApp Email

    A few weeks ago, I watched a small team of artificial intelligence agents spend roughly 10 minutes trying to hack into my brand new vibe-coded website.

    The AI agents, developed by startup RunSybil, worked together to probe my poor site to identify weak spots. An orchestrator agent, called Sybil, oversees several more specialized agents all powered by a combination of custom language models and off-the-shelf APIs.

    Whereas conventional vulnerability scanners probe for specific known problems, Sybil is able to operate at a higher level, using artificial intuition to figure out weaknesses. It might, for example, work out that a guest user has privileged access—something a regular scanner might miss—and use this to build an attack.

    Ariel Herbert-Voss, CEO and cofounder of RunSybil, says that increasingly capable AI models are likely to revolutionize both offensive and defensive cybersecurity. “I would argue that we’re definitely on the cusp of a technology explosion in terms of capabilities that both bad and good actors can take advantage of,” Herbert-Voss told me. “Our mission is to build the next generation of offensive security testing just to help everybody keep up.”

    The website targeted by Sybil was one I created recently using Claude Code to help me sort through new AI research papers. The site, which I call Arxiv Slurper consists of a backend server that accesses the Arxiv—where most AI research is posted—along with a few other resources, combing through paper abstracts for words like “novel”, “first”, “surprising” as well as some technical terms I’m interested in. It’s a work in progress, but I was impressed with how easy it was to cobble together something potentially useful, even if I had to fix a few bugs and configuration issues by hand.

    A key problem with this kind of vibe-coded site, however, is that it’s hard to know what kinds of security vulnerabilities you may have introduced. So when I spoke to Herbert-Voss about Sybil, I decided to ask if it could test my new site for weaknesses. Thankfully, and only because my site is so incredibly basic, Sybil did not find any vulnerabilities.

    Herbert-Voss says most vulnerabilities tend to be the result of more complex functionality like forms, plug-ins, and cryptographic features. We watched as the same agents tried probing a dummy ecommerce website with known vulnerabilities owned by Herbert-Voss. Sybil built a map of the application and how it is accessed, probed for weak spots by manipulating parameters and testing edge cases, and then chained together findings, testing hypotheses, and escalating until it breaks something meaningful. In this case, it did identify ways to hack the site. Unlike a human, Herbert-Voss says Sybil runs thousands of these processes in parallel, doesn’t miss details, and doesn’t stop. “The result is something that behaves like a seasoned attacker but operates with machine precision and scale,” he says.

    “AI-powered pen testing is a promising direction that can have significant benefits for defending systems,” says Lujo Bauer, a computer scientist at Carnegie Mellon University (CMU) who specializes in AI and computer security. Bauer recently coauthored a study with others from CMU and a researcher from AI company Anthropic that explores the promise of AI penetration testing. The researchers found that the most advanced commercial models could not perform network attacks, but they developed a system that set high-level objectives like scanning a network or infecting a host, which enabled them to perform penetration tests.

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Email
    Previous ArticleTikTok Promotes Stickers for Secretly Recording Meta Ray-Ban Video
    Next Article Microsoft makes OpenAI’s new open model available on Windows

    Related Posts

    A Hiker Was Missing for Nearly a Year—Until an AI System Recognized His Helmet

    August 6, 2025

    Claude Fans Threw a Funeral for Anthropic’s Retired AI Model

    August 6, 2025

    ChatGPT’s Study Mode Is Here. It Won’t Fix Education’s AI Problems

    August 5, 2025

    Anthropic Revokes OpenAI’s Access to Claude

    August 5, 2025

    WIRED Roundup: ChatGPT Goes Full Demon Mode

    August 5, 2025

    Inside Jeffrey Epstein’s Forgotten AI Summit

    August 4, 2025
    Our Picks

    Google Will Use AI to Guess People’s Ages Based on Search History

    August 6, 2025

    Microsoft makes OpenAI’s new open model available on Windows

    August 6, 2025

    I Watched AI Agents Try to Hack My Vibe-Coded Website

    August 6, 2025

    TikTok Promotes Stickers for Secretly Recording Meta Ray-Ban Video

    August 6, 2025
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    News

    Nvidia rejects US demand for backdoors in AI chips

    By News RoomAugust 6, 2025

    Nvidia’s chief security officer has published a blog post insisting that its GPUs “do not…

    A Hiker Was Missing for Nearly a Year—Until an AI System Recognized His Helmet

    August 6, 2025

    Microsoft’s plan to fix the web with AI has already hit an embarrassing security flaw

    August 6, 2025

    The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware

    August 6, 2025
    Facebook X (Twitter) Instagram Pinterest
    • Privacy Policy
    • Terms of use
    • Advertise
    • Contact
    © 2025 Technology Mag. All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.