larsborn12h ago
joernchen 

LLMs now do the busywork of finding amazing vulnerabilities for everyone willing to spend the tokens.

But hacking still isn't dead:

  • We haven't at all solved the underlying problems which come with writing and shipping code.

  • You still need to understand what you're looking at and what you are operating.

  • The LLM platforms themselves are a exquisite target for hacking^Wcreative use of the technology.

    • Now when everyone can pull a CVE or two out of thin silicon and a few kWh of electricity the art of hacking might need adopt and maybe reshape a little but at its core the mind- and skillset will stay as relevant as it always was.

    In that sense: keep hacking, keep exploring, break some stuff.

    Apr 13 at 4:07pmWeb
    Show threadcynicalsecurity 18h ago

    @joern now is a good time to figure out how to litter your source code with "things" which cause LLMs to hallucinate, or worse.

    The game could even become hallucinating LLMs to get them to insert backdoors as part of their bug fixing.

    It will be so much fun.

    Same war, different targets, and we know who wins :)

    Show thread(roll m3tti)18h ago
    @cynicalsecurity @joern before reading your comment i was literary thinking the same :D
    Show threadgittaca16h ago
    @joern Can any non-cloud LLM do that "busywork" or are we talking about a vendor dependency here?
    Show threadjoernchen 15h ago
    @gittaca It doesn’t matter because enough people will do it regardless of what you or I do.
    Show threadgittaca18m ago
    @joern Vendor dependency doesn't matter? Not even when the vendors aren't profitable and the bubble pops at some point?