Comment by 0xbadcafebee

20 days ago

Sure, but the LLMs will just chain 14 functions instead of 7. If all C code is rewritten in Rust tomorrow that still leaves all the other bug classes. Eliminating a bug class might have made human attacks harder, but now with LLMs the "hardness" factor is purely how much token money you have.

2 comments

0xbadcafebee

Reply
adrianN  20 days ago

Llms are not magic. Fixing a large class of exploits makes exploitation harder.

  • 0xbadcafebee  19 days ago

    They kind of are magic, that's the point. You can just tell them to look at every other bug class, and keep them churning on it until they find something. You can fast-forward through years of exploit research in a week. The "difficulty" of different bug classes is almost gone. (I think people underestimate just how many exploits are out there in other classes because they've been hyperfocused on the low-hanging fruit)