1. We've seen LLMs detect existing supply chain attacks when pointed at malicious install scripts. This is direct, empirical support for my position.
2. We have a long history of using heuristic technologies to detect attacks. We can infer that other heuristic technologies can be combined in a successful manner.
3. Shortcomings of LLMs are directly addressed by removing attacker controlled information from the input, which I specifically called out (using tools like grep for pattern matching + using sub agents to isolate contexts). This has been demonstrated already in a number of ways - feeding the LLM derived facts instead of attacker controlled data is the well worn path to avoiding injection attacks.
And your reason for believing this is…
1. We've seen LLMs detect existing supply chain attacks when pointed at malicious install scripts. This is direct, empirical support for my position.
2. We have a long history of using heuristic technologies to detect attacks. We can infer that other heuristic technologies can be combined in a successful manner.
3. Shortcomings of LLMs are directly addressed by removing attacker controlled information from the input, which I specifically called out (using tools like grep for pattern matching + using sub agents to isolate contexts). This has been demonstrated already in a number of ways - feeding the LLM derived facts instead of attacker controlled data is the well worn path to avoiding injection attacks.
I don’t deny that LLMs can detect some attacks. I just don’t think they can be made to do so reliably.
Calling an anecdotal observation “empirical” is a new one.
I stopped reading after that.
1 reply →