| ▲ | PunchyHamster 3 hours ago | |
> Before, one had to find a talented person, and get pretty lucky too. If this AI is as good as promised, you can have dependabot-style exploit finder running 24/7 for the 1/10th cost of a single FTE Not you. EVERYONE doing ANY kind of software will have to, because else attacker can just pick and choose targets to point their exploit-bot | ||
| ▲ | rcxdude 3 hours ago | parent | next [-] | |
Which has always been the case. Attackers only have to find one exploit in the weakest part of the system, and usually that's more a function of grunt work than it is being particularly sophisticated. | ||
| ▲ | fleebee 3 hours ago | parent | prev | next [-] | |
Well, you can only do that if you have access to the model. We're setting a precedent for the AI labs getting to pick and choose. | ||
| ▲ | theamk 2 hours ago | parent | prev | next [-] | |
Not "ANY" kind of software, only the software that handles untrusted data in a non-trivial way. A lot of software, like local tools, does not. | ||
| ▲ | themafia 3 hours ago | parent | prev [-] | |
> doing ANY kind of software That's not at all clear. JS escape exploits have high value in our current Internet so there's going to be a lot of prior art. It's not surprising at all that this is what their model found and it's not a statistic that immediately suggest it has any broader implications. | ||