Assuming that this is actually the case, this "Bugmageddon" will end not long after it started. It’s not like the devs are not going to use AI to find those bugs too.
Fthebo on
Bugma balls
Gottem
grumpy_autist on
As someone with 20 years of experience in software engineering of critical systems (telecom, banking, etc.) – we usually have a backlog of a few hundred or thousands of bugs to fix but management does not give a fuck because it does not impact revenue or security compliance.
Many "critical" security bugs are not being fixed because they have like mission-impossible scope (i.e. you need to break into a datacenter and connect your laptop to a specific chassis, then wait 5h for the right signal, etc.).
So AI would do shit except add a few thousand new backlog entries no one gives a fuck about anyway. And also add extra work for human engineers who eventually need to analyze and reproduce the bug.
We have already had source code bug scanning tools for years and it’s a pain in the ass to work with, with a lot of noise and false positives. It works and there is value to it but you need to plan and do it right – something that vibe managers will never grasp.
Sure, there may or will be a few high-profile bugs found in popular software but nothing that will transform the industry.
origanalsameasiwas on
I guess it’s time to move away from the internet and disconnect all devices from the internet. It’s going to be a ride to where I don’t want to be a part of. Let me know when the smoke clears.
Slow_Balance270 on
Good thing I never update my computer.
Bubbly_Extreme4986 on
So long as everyone has access to them at the same time it’s an even game
dope_sheet on
Sneakers was a fun movie, just a couple decades ahead of its time… "Too many secrets."
EliteG77 on
Don’t wanna be that guy, but paid/subscription based articles shouldn’t be posted here.
rio_sk on
If someone is using AI to spot holes in a system they’ll probably also leave their home IP on the logs
lokey_convo on
I’m sure this won’t be a problem with all the overly complicated, poorly engineered vibe-coded software out there…. right?
hitsujiTMO on
It’s forgetting one very important point in the article. Mythos had access to the source code.
It’s not finding these bugs looking at raw machine code.
sam_my_friend on
My security team has been sitting on the same bugs backlog for YEARS. Most are never a priority, and AI is not going to change that.
Man, many companies still use root user in their Dockerfiles and it’s the first no-no in the book of no-nos.
You wouldn’t IMAGINE how many tokens we have pushed into repos, just for security team to come a *year* later to let us know we have to rotate said token.
Hot_Individual5081 on
another bs armageddon ai article
VanillaSkyDreamer on
Quick, hide your open source code /s
doxxingyourself on
They’re also finding bugs that developers can fix…
koru-id on
If hackers got hold of all the root certificates. Yay, no more internet.
Mannentreu on
The Last Hackathon
MountainAsparagus4 on
A.I. can’t find how many r are in the strawberry word lol
chessto on
This is all just hyping the AI tools
marmaviscount on
The exact opposite result will happen, get ready for all the annoying bugs to be solved before release and a decline in hacking stories in the news.
This is a tool to find and remove bugs
Shiningc00 on
Another "AI iS ToO GoOd!" article.
Jjerot on
The only specific examples I’ve seen of this finding vulnerabilities were things already known for 10+ years. Everything else had been vague gesturing, sounds a lot like hype marketing which the AI industry is built on.
We’re already living through bugmageddon, look at what AI code has done to Microsoft. No hackers required, it breaks itself.
MaybeTheDoctor on
The AI is also proposing fixes, so maybe people should just implement the damn fixes and deploy the fixed code.
Cleanbriefs on
Not all bugs are exploitable fyi.
TacoDangerously on
Bugmageddon? No, come up with something better.
Intelligent_Ice_113 on
that’s why you should write software with a prompt which ends with "… Make no mistakes."
wintrmt3 on
Fuzzers were a much bigger breakthrough in finding security bugs, and the world did not collapse.
ebfortin on
We’re still in the hype with this new model from Anthropic. The only info we have is from them stating how incredible it is. Allow me to be a bit cautious when a company says its product is just incredible and so good it can do harm to the entire universe.