• ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
          link
          fedilink
          arrow-up
          1
          ·
          1 day ago

          What I’m saying here is that the way you actually use LLMs is by having them go through the steps of the exploit. It makes a hypothesis and then it tries it, and then you see the result. There’s nothing to be fooled by here because the steps it takes either work or they don’t.

          The reason LLMs are much better at finding these vulnerabilities is because a human can’t keep a large codebase in their head all at once. If you look at a project like Lemmy for example, there’s a ton of code in it. You have to be an expert in what that code is doing, how the moving pieces relate to each other, and the domain itself to find the exploit. The LLM can zero in on the problems much easier, and actually take the steps to try the exploit. For example, for the case I mentioned with piefed, the issue was very subtle way the oauth token was being misused. It wasn’t localized in one place where auth was done, but manifested in a different part of the codebase that relied on it. Something like that would take a lot of dedicated work to find manually.

            • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
              link
              fedilink
              arrow-up
              1
              ·
              1 day ago

              Yes, these are absolutely things humans struggle to do. And finding more exploits faster is literally better.

              Again, you just keep ignoring what I write here and you clearly don’t understand how these tools are actually used. You’re not just having LLM come up with some hypothesis at random here. You use the tool to do the attack. I don’t know why this bit of information is so hard for you to process.

              Also, it should be obvious why it’s hard to find correlations in a large set of data than in a small one. Go think about why where’s waldo is hard for humans.

              Or not. Maybe for you it would be, but not for a trained researcher.

              Maybe you should stop trying to debate a topic you’re very clearly not qualified to have an opinion on. It doesn’t matter if there are intermediate steps which are necessary to make or not. The discussion is about exploits. Either you get unauthorized access or you don’t. Either you have a hole in your system or you don’t.

              And as I’ve repeatedly explained to you, and you studiously ignored, finding and exploiting these vulnerabilities is part of the same process. The LLM tests what it does against a live system, and it builds the exploit step by step.

              Also, here’s what Linus has to say on the subject since you’re just going to ignore anything I say. https://www.theregister.com/security/2026/05/18/linus-torvalds-says-ai-powered-bug-hunters-have-made-linux-security-mailing-list-almost-entirely-unmanageable/5241633

                • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  1 day ago

                  worked in security for a decade. I think I am entitled to my own opinion, even if you don’t like or don’t understand it.

                  Not only do I understand your opinion, I’ve also spent a lot of time explaining the problems with your claims here.

                  Also, not sure what the lol here is. What the part you highlighted supports my point which is it’s becoming much easier to find exploits, hence why you see more duplicate reports.

                  Cheers.