• ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
    2 days ago

    You’re entitled to your opinion, but finding vulnerabilities goes far beyond simply doing static analysis. LLMs are able to find vulnerabilities that emerge from subtle interactions between different features, where things like keys and security credentials aren’t handled properly, and finding these by hand in a large codebase is nearly impossible.

    The very process of finding these vulnerabilities gives you a path towards making an exploit. And the LLM can actually do this laborious process largely autonomously as well. It can probe a site, for example, look at the results, and iterate on them. It’s an incredibly effective tool for both finding exploits and testing them out in the wild.

    In fact, you can ask PieFed devs about their recent security debacle that an LLM exposed and gave a step-by-step guide for exploiting.

      • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
        2 days ago

        And I gave you a concrete example of how LLMs both find and exploit these vulnerabilities. It’s quite evident that your disagreement stems from not having actually used these tools to find vulnerabilities.

                  • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
                    1 day ago

                    What I’m saying here is that the way you actually use LLMs is by having them go through the steps of the exploit. It makes a hypothesis and then it tries it, and then you see the result. There’s nothing to be fooled by here because the steps it takes either work or they don’t.

                    The reason LLMs are much better at finding these vulnerabilities is because a human can’t keep a large codebase in their head all at once. If you look at a project like Lemmy, for example, there’s a ton of code in it. You have to be an expert in what that code is doing, how the moving pieces relate to each other, and the domain itself to find the exploit. The LLM can zero in on the problems much more easily, and actually take the steps to try the exploit. For example, for the case I mentioned with PieFed, the issue was a very subtle way the OAuth token was being misused. It wasn’t localized in one place where auth was done, but manifested in a different part of the codebase that relied on it. Something like that would take a lot of dedicated work to find manually.