| ViewTrick1002 3 hours ago |
| What's the problem of walking the entire repo having one file at a time be the entry point for the context of an agent with tools available to run the code and poke around in the repo? |
|
| volkk 3 hours ago |
| because some vulnerabilities are complex combinations of ideas and simply ingesting one file at a time isn't enough. and then the question is, well how many files, and which? and when trying to solve for that problem, then you're basically asking something intelligent on how to find a vulnerability |
|
| ViewTrick1002 3 hours ago |
| Which is why it is an agent with the possibility to grep the repo, list files, say a scratch pad for experiments and so on? The file is just the entry point. Everything about LLMs today is just context management. |
|
| volkk 2 hours ago |
| yeah but i think my point is that you need an intelligent model to combine the files in such a way that you could give the proper context for a cheaper/dumber model to potentially find exploits. if you have dumber models doing this, wouldn't you have a borderline infinite combination of ways to set up context before you end up finding something? |
|
|