Comment by bluGill
6 months ago
An real report would have a GDB trace that looks like that, so it isn't hard to create such a trace. Many of us could create a real looking GDB trace just as well by hand - it would be tedious, boring, and pointless but we could.
Oh, I'm fully aware an LLM can hallucinate a GDB trace just fine.
My complaint is: if you're trying to use an AI to help you find bugs, you'd sincerely hope that they would have *some* attempt to actually run the exploit. Having the LLM invent fake evidence that you have done so, when you haven't, is just evil, and should be resulting in these people being kicked straight off H1 completely.
That means doing work. I can get a llm to write up a bugus report in minutes and then whatever value comes frome it. Checking the report is real would take time.