undefined | Better HN

0 pointsmmsc1y ago0 comments

Can you expand on what you mean by this, and why?

0 comments

The best vulnerability is one that is hard to detect because it looks like a bug. It's not inconceivable to train an LLM to silently slip vulnerabilities in generated code. Someone who does not have a whole lot of programming experience is unlikely to detect it.

tl;dr it takes running untrusted code to a new level.

caspg1y ago

WebAssembly sandboxes might become handy.

troupo1y ago

That guards against a small subset of vulnerabilities.

Since the original desire was to build any kind of personal/commercial app on an OS, the amount of potential vulnerabilities is potentially infinite.

1 more reply

jstummbillig1y ago

Meh. Why would the model makers not be fantastic security vectors? The motivation to not be the company known to "silently slip vulnerabilities in generated code" seems fairly obvious.

People have always been able to slip in errors. I am confused why we assume that a LLM will on average not be better but worse on this front, and I suspect a lot of residual human-bias and copium.

j / k navigate · click thread line to collapse