undefined | Better HN

0 pointsRetr0id3mo ago0 comments

It's going to be fun if someone finds a security vulnerability in a commonly-emitted-by-LLMs code pattern. That'll be a lot harder to remediate than "Update dependency xyz"

0 comments

MangoToupe3mo ago

> if someone finds a security vulnerability in a commonly-emitted-by-LLMs code pattern

how do you distinguish this from injecting a vulnerable dependency to a dependency list?

Retr0idOP3mo ago

You can more easily check for known-vulnerable dependencies

MangoToupe3mo ago

Right, but if you can embed bad packages in LLMs, you can surely embed any kind of vulnerability imaginable.

1 more reply

j / k navigate · click thread line to collapse

0 pointsRetr0id3mo ago0 comments

It's going to be fun if someone finds a security vulnerability in a commonly-emitted-by-LLMs code pattern. That'll be a lot harder to remediate than "Update dependency xyz"

0 comments

MangoToupe3mo ago

> if someone finds a security vulnerability in a commonly-emitted-by-LLMs code pattern

how do you distinguish this from injecting a vulnerable dependency to a dependency list?

Retr0idOP3mo ago

You can more easily check for known-vulnerable dependencies

MangoToupe3mo ago

Right, but if you can embed bad packages in LLMs, you can surely embed any kind of vulnerability imaginable.

1 more reply

j / k navigate · click thread line to collapse