LLMs now do the busywork of finding amazing vulnerabilities for everyone willing to spend the tokens.

But hacking still isn't dead:

  • We haven't at all solved the underlying problems which come with writing and shipping code.

  • You still need to understand what you're looking at and what you are operating.

  • The LLM platforms themselves are an exquisite target for hacking^Wcreative use of the technology.

  • Now when everyone can pull a CVE or two out of thin silicon and a few kWh of electricity, the art of hacking might need to adapt and maybe reshape a little, but at its core the mind- and skillset will stay as relevant as it always was.

    In that sense: keep hacking, keep exploring, break some stuff.

    @joern now is a good time to figure out how to litter your source code with "things" which cause LLMs to hallucinate, or worse.

    The game could even become hallucinating LLMs to get them to insert backdoors as part of their bug fixing.

    It will be so much fun.

    Same war, different targets, and we know who wins :)

    @cynicalsecurity @joern before reading your comment I was literally thinking the same :D