• TrippinMallard@lemmy.ml
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    2 days ago

    That was not obvious to me. LLMs have been used for finding hardware, firmware, RF, software, and social exploits.

    RAM side-channel attacks are a good example of software exploits that are harder to exploit than find the vulnerability.

        • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
          link
          fedilink
          arrow-up
          2
          arrow-down
          1
          ·
          2 days ago

          Again, I’m not disagreeing that you can use LLMs to audit all these things. All I’m saying is that software is by far the easiest place to apply models and actually try out exploits end to end.

          • TrippinMallard@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            2 days ago

            Your original comment was:

            Finding them is a prerequisite to exploiting them, and by far the hardest part. Once you know what the exploit is, abusing it is not difficult.

                  • TrippinMallard@lemmy.ml
                    link
                    fedilink
                    arrow-up
                    2
                    ·
                    1 day ago

                    I believe your intent. Reponses before your clarification are justified in operating under a general cybersecurity definition, not one tied only to a narrower scope of just software.

                    Claiming context is obvious is flawed. Obvious is a local term. It may have been obvious to you, it was not obvious from the statement itself.

                    Your internal context should not be treated as globally shared context.