Vibe hacking is the most ethical use of AI honestly
this post was submitted on 01 Jun 2026
992 points (99.6% liked)
Technology
85068 readers
4034 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 3 years ago
MODERATORS
I read this 2 days ago. Steps to reproduce are here.
https://www.0xsid.com/blog/meta-account-takeover-fiasco
Let the record show that the most sophisticated LLM in the world is ultimately just a less competent version of Yes Man from New Vegas. And even Yes Man knew his programmer was stupid for designing him that way.
So their chatbot is able to change the email address used to recover an account? I guess, they vibe coded that system.
Probably not, that implies more competency than can really believe involved here.
This is more likely something that an entire team had to force into the code over a holiday weekend because some VP got so fucking wasted that he "forgot" his password (strangely for once, he actually had the right password... But the problem is that he was trying to log into a charcuterie board).
Even hacking is an AI-backed service nowadays...
Vibe hacking
Hacking before: Pull up hood on hoodie, open laptop, open terminal, type in a bunch of matrix code, bam "were in"
Hacking now: "Hack into this thing for me" No! "Pretty please?" Access granted!
Hacking by social engineering has always been far more common than hacking by exploiting code vulnerabilities.
I mean this is what see vs what we will see in movies and media. Don't pretend for one instant that the next movie with a hacking scene won't involve some AI marketing. They will make it something romantic like a poem you have to use to hack into the AI capabilities or something.
alias prettyPlease="sudo"
Did the chatbot just send the recovery code to a Telegram channel?!? (Picture of phone with broken display)
Why would the LLM tool have access to send recovery emails to non account verified emails at all?
That’s insane.
Recently I had to cancel an order. The support for the company was an LLM bot. I accidentally mistyped a number in the order id. It accepted it anyways refunded every order on my account that includes the product I wished to cancel.
I tired to get to a human to correct the mistake and couldn't their phone number is an LLM bot their only chat is an LLM bot.
It use to not be. But now I'm sitting here the order in my hand cause the bot didn't cancel it. But like 30 orders from the last few years have all been refunded to me.
I tried to reach em a few more times but couldn't and it's been like a month. I just have like 2 grand usd that I shouldn't and no way to give it back.
So that's fun.
Would sincerely love to know the name of the company. You know, to avoid them. Yup. I’m sure that’s the reason.
That's amazing
Maybe I ought to be taking more advantage of this era of rampant incompetence
I wonder how long you need to keep that money aside before you can spend it?
I hope you saved what you could from that exchange, as well the attempts to contact them. If they ever notice, their AI mistake will become your problem to deal with, (and the kind of news story to end up on a Steve Lehto video).
If that happened to me, I'd have a chat with my bank, "please help me return this money to where it came from, it was payed in error. They have no way to contact a human and I don't want them to accuse me of fraud down the line".
Who else is going to have access to it when you keep laying off all the people?
Because AI bros are incredibly deluded about both the capability of AI, and by extension their own capabilities using AI>
Because one of the biggest companies on the planet that has issues with account takeovers clearly has no internal red team working on this stuff.
I guarantee they do have a red team that most likely flagged this as an obvious and severe risk. It was ignored by suits experiencing AI psychosis.
I don’t know, more and more of those teams these days are being headed up by the same folks. Most on the ground, in the weeds know what not to do but the ivory tower keeps building more and more floors without ever updating the foundation.
load more comments
(1 replies)
should’ve asked it to delete the database instead, why else would it have that level of permissions.
Heh. Watched an old episode of Scorpion yesterday. The one with the armed hostage-takers who just had the one demand to the social media data mining company, to delete all the data they've mined. I amused myself a lot, by uttering "I like these guys".
load more comments
(2 replies)
load more comments
(15 replies)
I remember playing with the Gandalf security AI showcase/game and every 30 or so prompts, it would spit out massive amounts of raw training data or dev directives. AI just isn’t there yet. If you’re using it for sensitive topics, I’m losing respect for you. There is no gray area. You are an idiot if you give your AI this level of access.
It's not just not there yet. This is almost certainly not going the right direction to ever be "there" if there is something that can handle security issues. It's just not the right tool for the job, and I can't understand how so much of our economy is just assuming it is the right tool for every job.
Surely it will get there if we build enough datacenters?
load more comments
(24 replies)
I had always heard that 99% of hacking is just social engineering. AI has made that 100%.
load more comments
(6 replies)
view more: next ›