dragosrApr 1

I've watched LLMs write full exploit chains for years. The amazement fades fast once you hit context limits and spend hours steering the model past every hard corner. But the industry is packed with people who just arrived and are still in that first rush. This Calif post is a good example — real result, soft target (no KASLR, no canaries), 44 human prompts. The gap between demo and production hardened targets is the part nobody wants to talk about yet.

https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd

MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)

To our knowledge, this is the first remote kernel exploit both discovered and exploited by an AI.

Calif
Show threadWulfy—Speaker to the machines

@dragosr

There are #context optimisation techniques.
But you're right about "steering Ai around hard corners"

Most users who try #ai and fail, drive it into the first tree and walk away mumbling "Useless"

As I keep saying, "Using Ai is a learned skill"
If you git gud you can use steering assist, but the human still needs to know how to drive.

#promptengineering

Apr 10 at 6:38amWeb