ENTRY

[ESC]
1h851 words

trace hunter labs

This will be kind of a lengthy one, and mostly stream of thought, but it's on a project I've started working on. First, a few disclaimers.

I understand people on this site, and elsewhere, have some very strong opinions on AI

I get that you have misgivings on AI art, AI music and AI code. I understand that. Let me very briefly state my opinions on it so I can kinda level set with you.

  • Lying about AI usage is wrong. If you created art with AI, either don't mention it (not a bad idea considering how rabid people get about it) or be honest about it
  • You should still pursue the art form. Using AI to help with concept art and give you ideas is not a bad idea tbh. Some people aren't actually interested in the art form and just want to generate images or music. Whatever, I guess. But I think the art forms are still worth pursuing for their own sake.
  • AI for code is really good but it has downsides. I've been a software dev for ages now. I've seen my own skills fall off, even as my output increases, due to relying too heavily on Codex or Clode. It also sometimes produces slop. It's very good at producing good code with the right guidance, but you should still read the code, and you should still pursue mastery just like you should pursue the art forms.
  • AI-anti's are roughly as annoying as AI cyberpsychotics. Smelling AI and tearing creators apart because of it is stupid, and folks should stop doing it.

Anyways, now that you're nice and angry...

Thesis

AI is very good at agentic investigation, ingestion of large amounts of data, linear or semi-linear workflows and analysis of code and raw data streams, and it's getting really good at tool usage.

AI is getting much better at raw understanding of and active exploitation of cyber security knowledge.

These are not hypotheses based on 0 data. GPT5.6 models scored twice as high as GPT5.5 models on ExploitBench and has extremely high scores on a ton of other open source cyber security benchmarks. Fable is rumored to be even better, and Mythos is good enough at offensive security that it scared the government bad enough to semi-nationalize the frontier labs.

The problem

The problem is that these capabilities, without actual technological action outside of the frontier labs, will always be captured by the frontier labs and the government. This became even more apparent when the USG used export restrictions and "national security" claims to restrict how the frontier labs released their models.

As a technologist, this is unacceptable. Our capability to use one of the most powerful technologies in the world should not be arbitrarily limited by the government, especially given the whims of the government and their willingness to use those same tools against their citizens changes every 2-4 years.

As an information security practitioner, hacker and lover of delving into systems (that I own, obviously) it's unacceptable that our ability to exploit and patch systems be arbitrarily limited by the government, who absolutely plans on using those same models to find and exploit systems themselves.

As a citizen concerned about our current ability to protect ourselves online, not to mention in the increasingly worrisome police state being built all around us, it's unacceptable that the government would be able to take control of the most powerful models to use via Palantir, Anduril, Flock, the NSA and elsewhere, but I cannot use those same models to protect myself or fight back.

My attempt at a solution

These are some serious problems we're facing going forward. Regardless of what you think about the AI hype (it's ridiculous) or the bubble (may or may not pop) I implore you to recognize the power of these models to surveil, censor and harm. The government is very unlikely to hamper their own ability to use these models against you. They are far more likely to slow down public access but continue stoking acceleration in the frontier labs that they control.

This can and should be fixed by open source research.

Trace Labs is/will be a security and OSINT-focused R&D lab, underneath radc0rp that focuses on releasing information security research, tools and, some day, fine-tuned, security focused artificial intelligence models to the public.

Much of this research will be created via hybrid human-agent research loops, which will also be publicly released and discussed so as to accelerate similar research being done concurrently by other individuals and labs.

Much of the research will be focused on finding, exploiting and patching vulnerabilities, protecting individuals' systems and protecting individuals' privacy. This is not a "we're pretending to release security research but actually we're just handing hackers some new exploits and calling it a day" type of outfit. I will be focusing as much of my effort as possible on public, defensive mitigations.


I'll be publishing as much as I can on here and on my various blogs. CS Online is the first place I've written about this thus far.

0 replies

Join the conversation