Skip to content
SecurityAI

Researcher Spends $1,500 Testing If LLMs Can Hack a Vulnerable Firebase App

tldr / infosec 20h ago 7

Security researcher Kasra built a fake React Native book-review app with a hardened FastAPI backend but misconfigured Firebase to test whether LLMs could discover and exploit broken access controls. After spending $1,500 across multiple models, GPT-5.5 solved the challenge in 7 of 10 runs, while DeepSeek V4 Pro managed 3/10 and most others either refused on safety grounds, exhausted budgets, or fixated on the wrong attack surface. The experiment highlights that while some frontier models can reproduce real-world Firebase exploits, cost, guardrails, and inconsistency still make them unreliable autonomous pentesters.

Read full article →

More Security

Biohub open-sources AI world model for protein biology and drug design

hackernews / top 1d ago 9

Biohub releases open AI models that map the protein universe and design lab-validated therapeutic binders in days instead of years.

Google to pay SpaceX $920M monthly for xAI data center GPU capacity

hackernews / top 1d ago 9

Google will pay SpaceX $920 million a month for 32 months to rent roughly 110,000 GPUs inside xAI data centers, giving Google Cloud bridge capacity for Gemini Enterprise as SpaceX prepares its record IPO.

OpenAI Ships Million-Line Product Written Entirely by Codex Agents

hackernews / top 1d ago 9

OpenAI details building and shipping a full product with zero manually-written code using Codex agents, achieving roughly 10x speed and redefining engineering as steering rather than coding.