Privilege detection can be detected (i.e. by having a certain application run as root), if you have a piece of software try out a bunch of things (fuzzer, or more recently an LLM-in-a-loop) until this detection is triggered - evidence of actual success, even when things like LLMs are prone to ‘hallucinations’ (or lies) - you’ve got evidence of an exploit.
We have reached a point where this methodology is applied to a bunch of codebases, with some technological advances making it more capable and faster, hence the larger number of exploits being found.
Privilege detection can be detected (i.e. by having a certain application run as root), if you have a piece of software try out a bunch of things (fuzzer, or more recently an LLM-in-a-loop) until this detection is triggered - evidence of actual success, even when things like LLMs are prone to ‘hallucinations’ (or lies) - you’ve got evidence of an exploit.
We have reached a point where this methodology is applied to a bunch of codebases, with some technological advances making it more capable and faster, hence the larger number of exploits being found.
I know, but why is all just lpe? Or just lpe that reported?
I have seen others too, I think that the difference lies in that privilege escalation is just more critical and hence prominent.