Comment by pylotlight 4 months ago
Oh yes, because LLMs are known for good security practices.

wewewedxfgdf 4 months ago
I did not want to embarrass the author but the LLM showed that this library is absolutely full of major security holes.
And yes, it's an LLM that pointed them out.
So, are you saying the security holes don't exist because an LLM found them?

trueadm 4 months ago
Please can you create a GitHub issue with the security holes you've found? That would be greatly appreciated. I've given it a sweep and found nothing.

Terretta 4 months ago
Sibling's proposed approach is a recipe for false positives.
Consider Claude Code's new /security-review prompt or just use the prompt starting from "Objective" after giving the context (see the Git shell commands) to Claude Opus 4.1.
https://raw.githubusercontent.com/anthropics/claude-code-sec...
Definitely Opus 4.1 though, not lesser.

wewewedxfgdf 4 months ago
Make a minimal zip of the source code only (cut out anything not source code), drop it into ChatGPT and say "analyse this code for security flaws".
Then ask it for more.
Then do the same thing with Google AI studio - drop the zipfile in and ask it to analyse for security flaws.