to be able to have AI scan vulnerabilities means that it needs to be able to build a map of the application logic, how every small detail interacts and how these may combine into an exploit chain

that is not possible with a text predictor

Discussion

Agreed, but it can pick up small details, like if a method with known vulnerabilities is used, or if an unscoped variable is exposed. It's obviously not foolproof, but it could be a great helping hand.

did you hear about static or dynamic analysis? 😆

Lol, now that you point it out 🤣

Though LLMs can go a bit deeper than that. Tbh, I'm only playing the devil's advocate here; I understand all the arguments against.

they can barely even do simple arithmetic