undefined | Better HN

0 pointsMangoToupe5mo ago0 comments

> if someone finds a security vulnerability in a commonly-emitted-by-LLMs code pattern

how do you distinguish this from injecting a vulnerable dependency to a dependency list?

0 comments

Retr0id5mo ago

You can more easily check for known-vulnerable dependencies

MangoToupeOP5mo ago

Right, but if you can embed bad packages in LLMs, you can surely embed any kind of vulnerability imaginable.

Retr0id5mo ago

I'm not thinking about deliberately embedded vulnerabilities, just accidental/emergent ones. The modern equivalent of devs copy-pasting stackoverflow answers that happen to contain SQL injection vulns.

MangoToupeOP5mo ago

Does the distinction make any difference?

1 more reply

j / k navigate · click thread line to collapse

0 comments

Retr0id5mo ago

You can more easily check for known-vulnerable dependencies

MangoToupeOP5mo ago

Right, but if you can embed bad packages in LLMs, you can surely embed any kind of vulnerability imaginable.

Retr0id5mo ago

MangoToupeOP5mo ago

Does the distinction make any difference?

1 more reply

j / k navigate · click thread line to collapse