Tag: vulnerability detection
-
Schneier on Security: Subverting LLM Coders
Source URL: https://www.schneier.com/blog/archives/2024/11/subverting-llm-coders.html Source: Schneier on Security Title: Subverting LLM Coders Feedly Summary: Really interesting research: “An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection“: Abstract: Large Language Models (LLMs) have transformed code com- pletion tasks, providing context-based suggestions to boost developer productivity in software engineering. As users often…
-
Slashdot: Google’s Big Sleep LLM Agent Discovers Exploitable Bug In SQLite
Source URL: https://tech.slashdot.org/story/24/11/05/1532207/googles-big-sleep-llm-agent-discovers-exploitable-bug-in-sqlite?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Google’s Big Sleep LLM Agent Discovers Exploitable Bug In SQLite Feedly Summary: AI Summary and Description: Yes **Summary:** Google has leveraged a large language model (LLM) agent, “Big Sleep,” to identify a previously undiscovered memory vulnerability in SQLite, marking a significant advancement in automated vulnerability discovery. This initiative showcases…
-
Schneier on Security: AIs Discovering Vulnerabilities
Source URL: https://www.schneier.com/blog/archives/2024/11/ais-discovering-vulnerabilities.html Source: Schneier on Security Title: AIs Discovering Vulnerabilities Feedly Summary: I’ve been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing source code scanning, AIs finding zero-days in the wild, and everything in between. The AIs aren’t very…
-
The Register: Google claims Big Sleep ‘first’ AI to spot freshly committed security bug that fuzzing missed
Source URL: https://www.theregister.com/2024/11/05/google_ai_vulnerability_hunting/ Source: The Register Title: Google claims Big Sleep ‘first’ AI to spot freshly committed security bug that fuzzing missed Feedly Summary: You snooze, you lose, er, win Google claims one of its AI models is the first of its kind to spot a memory safety vulnerability in the wild – specifically an…
-
Anchore: Grype Support for Azure Linux 3 released
Source URL: https://anchore.com/blog/grype-support-for-azure-linux-3-released/ Source: Anchore Title: Grype Support for Azure Linux 3 released Feedly Summary: On September 26, 2024 the OSS team at Anchore released general support for Azure Linux 3, Microsoft’s new cloud-focused Linux distribution. This blog post will share some of the technical details of what goes into supporting a new Linux distribution…
-
Anchore: Who watches the watchmen? Introducing yardstick validate
Source URL: https://anchore.com/blog/who-watches-the-watchmen-introducing-yardstick-validate/ Source: Anchore Title: Who watches the watchmen? Introducing yardstick validate Feedly Summary: Grype scans images for vulnerabilities, but who tests Grype? If Grype does or doesn’t find a given vulnerability in a given artifact, is it right? In this blog post, we’ll dive into yardstick, an open-source tool by Anchore for comparing…
-
Simon Willison’s Weblog: From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
Source URL: https://simonwillison.net/2024/Nov/1/from-naptime-to-big-sleep/#atom-everything Source: Simon Willison’s Weblog Title: From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code Feedly Summary: From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code Google’s Project Zero security team used a system based around Gemini 1.5 Pro to find…
-
Hacker News: Using Large Language Models to Catch Vulnerabilities
Source URL: https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html Source: Hacker News Title: Using Large Language Models to Catch Vulnerabilities Feedly Summary: Comments AI Summary and Description: Yes Summary: The Big Sleep project, a collaboration between Google Project Zero and Google DeepMind, has successfully discovered a previously unknown exploitable memory-safety vulnerability in SQLite through AI-assisted analysis, marking a significant advancement in…