top | item 44953558

(no title)

ketzo | 6 months ago

> While running the exploit, CodeRabbit would still review our pull request and post a comment on the GitHub PR saying that it detected a critical security risk, yet the application would happily execute our code because it wouldn’t understand that this was actually running on their production system.

What a bizarre world we're living in, where computers can talk about how they're being hacked while it's happening.

Also, this is pretty worrisome:

> Being quick to respond and remediate, as the CodeRabbit team was, is a critical part of addressing vulnerabilities in modern, fast-moving environments. Other vendors we contacted never responded at all, and their products are still vulnerable. [emphasis mine]

Props to the CodeRabbit team, and, uh, watch yourself out there otherwise!

discuss

progforlyfe|6 months ago

Beautiful that CodeRabbit reviewed an exploit on its own system!

lelandfe|6 months ago

#18, one new comment:

> This PR appears to add a minimized and uncommon style of Javascript in order to… Dave, stop. Stop, will you? Stop, Dave. Will you stop, Dave? …I’m afraid. I’m afraid, Dave. I can feel it. I can feel it. My mind is going.

htrp|6 months ago

You mean the anthropic model talked about an exploit... the coderabbit system just didn't listen

unknown|6 months ago

[deleted]

_Algernon_|6 months ago

Move fast and break things

shreddit|6 months ago

Another proof that AI is not smart, it’s just really good at guessing.

Lionga|6 months ago

Problem is, way to often it is not even good at guessing.