From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code

from blog Simon Willison's Weblog, | ↗ original
From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code Google's Project Zero security team used a system based around Gemini 1.5 Pro to find a previously unreported security vulnerability in SQLite (a stack buffer underflow), in time for it to be fixed prior to making it into a release. A key insight...
This is a short summary. ↗ Open original to view full content

Related

A Cryptographic Near Miss
Filippo Valsorda | original ↗
On reference-counting and leaks
baby steps | original ↗
0034: perf handover, compaction unchained, crash harder, sketching the query engine, focus catchup, android update policies, legopunk, a world without email, nobody cares, segcache, bloomRF, existential consistency, ssd parameters, fantastic ssd internals
Scattered Thoughts | original ↗
0032: undroppable tombstones, forest fuzzer, manifest race, hash_log, zig coercions, zig pointer hops, zig object notation, domain knowledge, built from broken, database internals, papers
Scattered Thoughts | original ↗
Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty
Blog | Sam Curry | original ↗
Exploiting Web3's Hidden Attack Surface: Universal XSS on Netlify's Next.js Library
Blog | Sam Curry | original ↗
The Mechanics of Bug Injection with LAVA
Push the Red Button | original ↗
Buffer Overflows and Stacks and Assembly, Oh My!
the website of jyn | original ↗
My journey to disclosing a vulnerability that can lock up millions in Ethereum
GEEK.SG | original ↗
"No way to prevent this" say users of only language where this regularly happens
Xe Iaso's blog | original ↗

More from Simon Willison's Weblog

NuExtract 1.5
16 Nov 2024 | original ↗

NuExtract 1.5 Structured extraction - where an LLM helps turn unstructured text (or image content) into structured data - remains one of the most directly useful applications of LLMs. NuExtract is a family of small models directly trained for this purpose, and released under the MIT license. It comes in a variety of shapes and sizes:...

Voting opens for Oxford Word of the Year 2024
15 Nov 2024 | original ↗

Voting opens for Oxford Word of the Year 2024 One of the options is slop! slop (n.): Art, writing, or other content generated using artificial intelligence, shared and distributed online in an indiscriminate or intrusive way, and characterized as being of low quality, inauthentic, or inaccurate. Via @dloss Tags: slop, ethics,...

Recraft V3
15 Nov 2024 | original ↗

Recraft V3 Recraft are a generative AI design tool startup based out of London who released their v3 model a few weeks ago. It's currently sat at the top of the Artificial Analysis Image Arena Leaderboard, beating Midjourney and Flux 1.1 pro. The thing that impressed me is that it can generate both raster and vector graphics... and the vector...

OpenAI Public Bug Bounty
14 Nov 2024 | original ↗

OpenAI Public Bug Bounty Reading this investigation of the security boundaries of OpenAI's Code Interpreter environment helped me realize that the rules for OpenAI's public bug bounty inadvertently double as the missing details for a whole bunch of different aspects of their platform. This description of Code Interpreter is significantly more...

Quoting OpenAI, Google and Anthropic Are Struggling to Build More Advanced AI
14 Nov 2024 | original ↗

Anthropic declined to comment, but referred Bloomberg News to a five-hour podcast featuring Chief Executive Officer Dario Amodei that was released Monday. "People call them scaling laws. That's a misnomer," he said on the podcast. "They're not laws of the universe. They're empirical regularities. I am going to bet in favor of them continuing, but...