• ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
      2 days ago

      Finding them is a prerequisite to exploiting them, and by far the hardest part. Once you know what the exploit is, abusing it is not difficult.

      • TrippinMallard@lemmy.ml
        2 days ago

        Depends on the exploit. Sometimes it requires physical access to a port with contacts hidden under conformal coating that damages when removed.

          • TrippinMallard@lemmy.ml
            2 days ago

            That was not obvious to me. LLMs have been used for finding hardware, firmware, RF, software, and social exploits.

            RAM side-channel attacks are a good example of software exploits that are harder to exploit than find the vulnerability.

                • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
                  2 days ago

                  Again, I’m not disagreeing that you can use LLMs to audit all these things. All I’m saying is that software is by far the easiest place to apply models and actually try out exploits end to end.

        • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
          2 days ago

          You’re entitled to your opinion, but finding vulnerabilities goes far beyond simply doing static analysis. LLMs are able to find vulnerabilities that emerge from subtle interactions between different features, where things like keys and security credentials aren’t handled properly, and finding these by hand in a large codebase is nearly impossible.

          The very process of finding these vulnerabilities gives you a path towards making an exploit. And the LLM can actually do this laborious process largely autonomously as well. It can probe a site for example, look at the results, and iterate on them. It’s an incredibly effective tool for both finding exploits and testing them out in the wild.

          In fact, you can ask piefed devs about their recent security debacle that an LLM exposed and gave a step by step guide for exploiting.

  • i_am_not_a_robot@discuss.tchncs.de
    3 days ago

    The US government cut off access to Mythos because Anthropic marketing claims it’s so powerful that it could be misused. If China has a better system, doesn’t that obligate companies that believe the marketing to use the Chinese system to find vulnerabilities in their software before somebody else does?

    • ghost_laptop@lemmy.ml
      3 days ago

      how is this relevant to the post you rabid orientalist dog? your people are only filled with hate, you’re disgusting

      • MrSoup@lemmy.zip
        3 days ago

        Chill out man, you don’t even know me and you are talking shit about me. I’m no “orientalist dog” and I don’t know who you are referring to with “your people”.

        I’m simply showing an interesting inner analysis the LLM does when talking about censored stuff. It is always fun to try LLMs’ limits and see what has been censored, and here there is also an inner reasoning which is cut off.

        Learn respect and how to talk to people before making stupid assumptions.

        • davel [he/him]@lemmy.ml
          3 days ago

          Previously:

          Are you also going to claim that DeepSeek isn’t censored?

          You can download DeepSeek and run it yourself to get uncensored answers.

          Large Language Models (LLMs) are not truth machines. They are garbage in, garbage out. The input to English-language models is largely English-language texts from Five Eyes countries, with all the disinformation and bias that that entails. So the DeepSeek company is in a “damned if you do, damned if you don’t” situation. They can either refuse to answer certain questions, in which case Western media will accuse them of censorship; or they can answer them, in which case (a) their model will perpetuate Cold War I & Cold War II falsehoods and (b) Western media will parade those false answers around in a victory lap. They chose the former for the cloud version of their app, and the latter for the local version.

          • MrSoup@lemmy.zip
            3 days ago

            I’m aware of open weights and yes, it is clearly a server-side block (since the text generation is cut off). If I’m not wrong, it was DeepSeek I tried (a long time ago) locally offline, and it was willing to talk even about these types of topics.