On the optimistic side, we can also have AI that scrutinizes all code and points out and flags vulnerabilities. Not all software is audited, and now we have a tireless auditor.

Maybe too optimistic, but just an alternate take 😛

Discussion

to be able to have AI scan vulnerabilities means that it needs to be able to build a map of the application logic, how every small detail interacts and how these may combine into an exploit chain

that is not possible with a text predictor

Agreed, but it can pick up small details, like if a method with known vulnerabilities is used, or if an unscoped variable is exposed. It's obviously not foolproof, but it could be a great helping hand.

did you hear about static or dynamic analysis? 😆

Lol, now that you point it out 🤣

Though LLMs can go a bit deeper than that. Tbh, I'm only playing the devil's advocate here; I understand all the arguments against.

they can barely even do simple arithmetic