@zachxbt Nice one. How was it recognized in the beginning that the device was linked to a DPRK worker, though? I understand the connection in the end, but before doing that via luckyguys there has to be some sign of that.
Kudos to the teams of @Bitrefill and @FearsOff for handling this incident with the utmost professionalism and transparency.
‘What doesn’t kill you makes you stronger’, especially in cybersecurity.
So much drama today: people losing their minds over this "new" feature from Anthropic, calling it the death of pentesting and bug bounties. Even stocks tanked for companies that have nothing to do with it. Why?
Because most investors in this space don't know shit about security or what Claude AI actually dropped. We have been running vulnerability scans with various AI models, including Opus 4.6, for months already. This release is basically just a handy button to run what used to be a chain of prompts doing the exact same thing.
Investors: Buy back in.
Bug hunters and pentesters: relax and level up with it. Anthropic’s social media team: Bravo! This clickbait worked out!
Introducing Claude Code Security, now in limited research preview.
It scans codebases for vulnerabilities and suggests targeted software patches for human review, allowing teams to find and fix issues that traditional tools often miss.
Learn more: https://t.co/n4SZ9EIklG
Thanks for the article, a good read. Many points make sense. Remember the times when SQL injections were left and right? That time has gone; then it was time for path traversal, still there but much less. Now we assume we should see fewer of any other types of vulnerabilities because AI covers them, yet don't forget it's now AI that writes them in the first place. Besides that, I have in mind so many scenarios where I can find a bug but AI won't, at least for now. So let's use a quote from the article: no need to panic, but embrace AI.
Stealing a violin doesn't make you a musician. Hacking/buying a cert doesn’t make you "elite" either. It just makes you a criminal... and the one who cheated on the test and still can’t do the job.
If your definition of skill requires breaking the law, you don't have any.
But go on with the "no cert = skid" detective work
You don't need them for pentesting companies either.
Most hackers don't have any certs, so why would some corporate bureaucracy tell me I'm not qualified to work with them just because I lack some XXX certificate?
OK, let's wait until you get hacked and see how well that bureaucracy holds up then.