Cyphase | 16 days ago

> Opus is already digging up security vulnerabilities[3] - imagine if those guys had 1000x instances of Claude Code to search for iPhone zero days 24/7. I think we can both agree that wouldn't be good.

If an LLM can be used to do that and find things (and they already have been), Apple (and everyone else) will run their code through it before releasing it. Sure, there'll be a transition period with existing code and while the tech is unevenly distributed. But in the hunt for potential zero days, developers can check their code before people are using it.

johnfn|12 days ago

It seems easy enough to say this, but I think reality is more complex. What about all of Apple's library dependencies? What about the dependencies of those dependencies? What about the Linux kernel? What about openssl? What about..?

Cyphase|11 days ago

What about them? All of those things could be checked as well.

The premise was that bad actors could use Claude Code and other available tools to find zero days. If such tools are available, good actors can use them, too, and they can use them before code is deployed. After a transition period, all existing code will have been checked.

There may be a long tail due to a large surface area of prompting techniques, but the better the tools get, the more advantage to good actors; as long as the good actors have equal or better access to the best tools, of course.

But I agree, reality is more complex.