crdotson
- 14 Followers
- 6 Following
- 49 Posts
nixCraft 🐧I've got some news about office environments. The absolute worst part for me was dealing with the rampant gossip and laziness. People would chat all day, accomplish next to nothing, and then pretend they were some kind of heroes for staying late. People walk around, take lunch or bathroom breaks, attend meetings, etc. Office or Home people will walk around. Stop writing stupid stories to promote back-to-office culture and risk everyone’s health.
@jerry if you haven't already seen this, you should, because a) llamas, of course, and b) how cool is it that you can run an LLM locally from a single file? https://github.com/Mozilla-Ocho/llamafile
Well, that’s unsurprising but not great news. https://arxiv.org/abs/2402.06664
LLM Agents can Autonomously Hack Websites
In recent years, large language models (LLMs) have become increasingly capable and can now interact with tools (i.e., call functions), read documents, and recursively call themselves. As a result, these LLMs can now function autonomously as agents. With the rise in capabilities of these agents, recent work has speculated on how LLM agents would affect cybersecurity. However, not much is known about the offensive capabilities of LLM agents. In this work, we show that LLM agents can autonomously hack websites, performing tasks as complex as blind database schema extraction and SQL injections without human feedback. Importantly, the agent does not need to know the vulnerability beforehand. This capability is uniquely enabled by frontier models that are highly capable of tool use and leveraging extended context. Namely, we show that GPT-4 is capable of such hacks, but existing open-source models are not. Finally, we show that GPT-4 is capable of autonomously finding vulnerabilities in websites in the wild. Our findings raise questions about the widespread deployment of LLMs.