
Champion Ethical Hacker Valentina Palmiotti Warns AI Tools Threaten Career at Pwn2Own
Valentina Palmiotti, known as Chompie, achieved significant success at the Pwn2Own hacking competition in Berlin, securing multiple prizes for identifying critical software vulnerabilities. However, Palmiotti cautioned that sophisticated AI systems, particularly Claude Mythos, are rapidly advancing to a point where even leading human experts may struggle to compete.
Palmiotti, who also works as a security researcher for IBM X-Force, currently utilises AI tools such as Claude Code to enhance her efficiency in pursuing 'bug bounties' – financial rewards for discovering system flaws before malicious actors can exploit them. She described this as a 'sweet spot' where AI serves as an aid.
Nevertheless, Palmiotti predicted a shift, stating, 'I competed in Pwn2Own this year because I thought it might be my last chance.' She believes that while security research will persist, much of the 'lower-hanging fruit' in vulnerability detection will be addressed by AI, requiring only the most elite human hackers to uncover new exploits.
Anthropic, the developer of Claude Mythos, claims its model has already identified 1,600 vulnerabilities across numerous software programmes. The company deems Mythos so potent that its release is restricted to a limited number of governments and cybersecurity organisations.
Orange Tsai, another prominent winner at Pwn2Own, led his team to secure $375,000 for uncovering complex hacking pathways. Tsai presented a more optimistic outlook, viewing AI as an 'awesome assistant' that accelerates research by handling routine testing. He suggested that human creativity and intuition might still prove indispensable for detecting vulnerabilities that AI overlooks.
While concerns persist about criminal organisations leveraging AI to expedite and innovate cyber-attacks, the majority of cyber incidents continue to employ well-established, simpler methods like phishing. Palmiotti posited that, ultimately, AI tools could bolster internet security by making it more challenging for all hackers, provided these products are deployed responsibly, granting 'good guys' access to powerful tools first.

