undefined | Better HN

Skip to content

Top Best Ask Show New Jobs

0 pointseqvinox1mo ago0 comments

I don't think the copy.fail people understood the issue they found, as is evident by the heavy focus on AF_ALG/aead_algif, which is essentially "innocent" as we're seeing here.

I think LLMs are great for vulnerability discovery, but you need to not skimp on the legwork and understanding what even you just found there.

0 comments

8 comments · 2 top-level

tptacek1mo ago· 6 in thread

Right but without the LLM the bug doesn't get found at all.

_AzMoo1mo ago

That's not necessarily true. Who's to say the security researchers wouldn't have found it if they'd searched the code manually?

tptacek1mo ago

It's an AI security firm! You might just as productively ask "why did all the other engineers who ever looked at this code not find it, and why was Theori the one to actually surface it?".

UltraSane1mo ago

It would have taken a LOT longer but often this kind of manual search is so tedious people just don't do it. LLMs don't get bored.

cp91mo ago

I’m hardly going to simp for LLM tools but the fact that the bug existed and no one had reported it seems proof positive no one was about to find it without them

eqvinoxOP1mo ago

Yes, I agree. I'm not the GP poster.

baq1mo ago

Safer to assume at least one of NSA, Mosad and a few others were sitting on it for years.

totallyrandom__1mo ago

Am I missing something? Where does it say that the researcher that found Dirty Frag used LLM to find it? Have you read the original report from the researcher?

j / k navigate · click thread line to collapse