this post was submitted on 01 Jun 2025
23 points (89.7% liked)

savedyouaclick

177 readers
1 users here now

News and other articles with clickbait bypassed by including the spoiler in the title (put it after a vertical bar "|") or in the post body. Same basic idea as reddit's savedyouaclick, but less uptight for now. E.g. it's fine to link directly to non-paywalled news sources. Mod volunteers wanted.

founded 11 months ago
MODERATORS
solrize@lemmy.world
23
ChatGPT has found a vulnerability in the Linux kernel code | The CVE has already been found by the pentester manually and GPT was prompted to find that exact CVE. It found it 8/100 times. (linuxiac.com)
submitted 1 month ago* (last edited 1 month ago) by Luffy879@lemmy.ml to c/savedyouaclick@lemmy.world
6 comments fedilink hide all child comments
 

If you dont know, already knowing what to look for is a very big help in finding vulnerabilities. Its like handing an architect a build for a house and saying „There may be a problem, but there may be none.” vs saying „There is a problem in the 3rd floor, because last time it collapsed after having to hold over 200kg”. For one, you don't look into it too much, but for the other you already know where to look and what to look for.

you are viewing a single comment's thread
view the rest of the comments
[–] Rentlar@lemmy.ca -3 points 1 month ago (1 children)

What I understood from the article was that the developer was testing it on a vulnerability they found, and the AI detected it very occasionally. It found a random other problem, which yes can often be a false positive, but I gathered from the article that there was one that was a previously undiscovered vulnerability. But that's where the developer verifies instead of taking ChatGPT at its word.

Of course I still don't trust it to code the fix, but in terms of looking for problem areas in code. While its effectiveness in practice is marginal, as an application of AI in general, it can search big areas and try to come up with a few candidates, that I think is a legit use case.

[–] Luffy879@lemmy.ml 2 points 1 month ago

I mean, if you run it 100 Times and spend like 2 Months chasing down the false positives, maybe.