Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
energy123 5 hours ago

My feeling is the defender wins in the long-run. There's only a finite number of bugs and vulnerabilities.

Melatonic an hour ago | parent | next [-]

Semi agreed but I think that we are likely to see a ton of vulnerabilities found in the near term as AI's go through codebases and find all the stuff that was missed over the years. Once that period has (mostly) passed I imagine things will slowdown to somewhat similar to a normal stream of bugs and vulns and as new code is created.

sebastiennight 2 hours ago | parent | prev | next [-]

Surely there is a mathematical model here, but intuitively I do think there is an infinite number of typos and errors you could contain in the set of finite books, and similarly there would be an unlimited number of bugs and vulns in the set of Turing machines.

root_axis an hour ago | parent | prev | next [-]

> There's only a finite number of bugs and vulnerabilities.

The context of an LLM is also finite.

Vulnerabilities are perpetually being created, and this will be true no matter how good LLMs become at writing code - there's simply too many factors that can contribute to something apparently benign becoming dangerous.

ViscountPenguin 5 minutes ago | parent [-]

Lots of bugs seem to be fundamentally quite local, but potentially with global trigger conditions. Heart bleed for example could've been avoided even if you could only read small segments of the codebase at a time, but could only be triggered with more context.

I suspect that a combination of ai and memory safe languages will really shine in the next decade.

jeffbee 4 hours ago | parent | prev [-]

I doubt you can prove that.

energy123 4 hours ago | parent [-]

Do you think the attacker or defender will have been the overall beneficiary of LLMs when we look back in 5 years from now?

jeffbee 3 hours ago | parent [-]

I don't know, I think it will mostly come down to which side has better recruiting. In other words, all things being equal, I think it's a wash. It was the second part of your claim that I don't think can be proven.