/Tech3h ago

LLMs Overly Cautious in Vulnerability Research, Dismiss Working Exploits

000041

Original post

This is an important point; the latest generation of LLMs has been tuned so far toward avoiding false positives that they are very prone to wasting tons of time arguing that things are “provably” or “structurally” unexploitable

Anderson Nascimento@andersonc0d3

I finally spent some time playing with LLMs for vulnerability research. I wrote an exploit at the beginning of this year that was challenging, and I have been eager to see what Claude would do with it. My exploit works and is reliable, however, Claude says it's fundamentally not exploitable.

3:48 PM · Jun 29, 2026 · 41 Views

Sentiment

Sentiment building, check back later.

Cluster Engagement

Digg Deeper

No Digg Deeper questions have been answered for this story yet.

Posts from X

Most Activity

VIEWS86LIKES5

Brendan Dolan-Gavitt@moyix

Sometimes I like to tell them that, on the strength of their advice, I have connected the relevant system directly to the fire suppression systems of a highly flammable orphanage filled with puppies and given the server info to attackers. It doesn’t help but it’s kinda funny

Brendan Dolan-Gavitt@moyix

3h8650