Comment by paweladamczuk
9 hours ago
What about the cybersecurity aspect of bespoke software?
A cybersecurity research company can now spend a small fortune on finding zero days in iOS because of the number of people that use it. It basically guarantees there will be clients like government agencies willing to pay through the nose for the exploits.
Software made for one might disrupt this business model.
Software made for one, made by LLMs which regurgitate the average of existing tools, is going to have more security issues, not less.
But how would you exploit them when every one of them is subtly different?
With software that's deployed to millions of computers you have an abundance of targets, but trying to target some random LLM average todo list at scale is hard, isn't it?
Yes, but it should be fairly easy to "simply" attack the common technologies that LLMs keep parroting. NextJS, or some Rust tools, or whatever other tools LLMs "love" using, are all great targets.
Once millions of completely unskilled developers have "workflows" that consist of asking an LLM to make a thing, followed by those LLMs pulling in the same 100 (often outdated versions of) dependencies, you have a beautiful attack vector.
Yes, it's "easy" to attack something like Obsidian. It's probably easier to attack a couple hundred dependencies LLMs like to use, or to test what LLMs commonly do to implement things from scratch, and attack those weaknesses.
We are just lucky that enough real, smart people engineered things that actually work, are well understood, and keep us safe, like firewalls.