So, wait, the whole “Mythos AI is so powerful it can find exploits in any software” thing requires both access to the source code and thousands of runs to find anything remotely actionable? This is the “too dangerous to release” model they’ve been hyping up?

Is that really it?

@baldur Have you heard of fuzzing?

https://en.wikipedia.org/wiki/Fuzzing

This is very compute- and time-intensive and works against the code you're attacking.

It's not very beautiful, but it surfaces bugs that can't otherwise be found without putting in the work.

Why is that? SOTA static analyzers like Coverity are great, and find their own classes of otherwise unfindable bugs. But they only look for what they know.

The new AI methods find new problems in old code the other ways don't. It's very scary.
