• ☆ Yσɠƚԋσʂ ☆@lemmy.ml (OP) · 11 hours ago · +5 / -1

      Finding them is a prerequisite to exploiting them, and by far the hardest part. Once you know what the exploit is, abusing it is not difficult.

      • TrippinMallard@lemmy.ml · 3 hours ago · +1

        Depends on the exploit. Sometimes it requires physical access to a port with contacts hidden under conformal coating that is damaged when removed.

          • TrippinMallard@lemmy.ml · 3 hours ago (edited) · +1

            That was not obvious to me. LLMs have been used for finding hardware, firmware, RF, software, and social exploits.

            RAM side-channel attacks are a good example of software exploits that are harder to exploit than to find the vulnerability.

                • ☆ Yσɠƚԋσʂ ☆@lemmy.ml (OP) · 29 minutes ago · +2

                  Again, I’m not disagreeing that you can use LLMs to audit all these things. All I’m saying is that software is by far the easiest place to apply models and actually try out exploits end to end.

                  • TrippinMallard@lemmy.ml · 27 minutes ago · +1

                    Your original comment was:

                    Finding them is a prerequisite to exploiting them, and by far the hardest part. Once you know what the exploit is, abusing it is not difficult.

      • mabeledo@lemmy.world · 11 hours ago · +2

        I disagree. Finding them has been the easy part. We’ve been using static analysers that could find common vulnerabilities for decades now, and LLMs are pretty good at text tokenisation, searching and matching.

        Exploiting them is the hard part. Most researchers would tell you that once they suspect there’s something that can be exploited, there’s a laborious process that comes afterwards, consisting mostly of a lot of trial and error, and progressive discovery.

        • ☆ Yσɠƚԋσʂ ☆@lemmy.ml (OP) · 9 hours ago · +3 / -1

          You’re entitled to your opinion, but finding vulnerabilities goes far beyond simply doing static analysis. LLMs are able to find vulnerabilities that emerge from subtle interactions between different features, where things like keys and security credentials aren’t handled properly, and finding these by hand in a large codebase is nearly impossible.

          The very process of finding these vulnerabilities gives you a path towards making an exploit. And the LLM can actually do this laborious process largely autonomously as well. It can probe a site for example, look at the results, and iterate on them. It’s an incredibly effective tool for both finding exploits and testing them out in the wild.

          In fact, you can ask the piefed devs about their recent security debacle that an LLM exposed and gave a step-by-step guide for exploiting.

          • mabeledo@lemmy.world · 7 hours ago · +2

            I know how finding vulnerabilities works. I was using static analysis as an example of why exploiting them is the hard part, something that you don’t seem to disagree with.