top | item 47106033

viccis | 9 days ago

People who don't do intense security work for a living underestimate the complexity of it. This might find some vulnerabilities, but it's not really capable of producing new methods and attacks. What it replaces isn't a high-quality human researcher; it replaces current static code review systems.

If AI models never had stack smashing writeups in their corpus, they'd never be able to invent stack smashing.

tptacek | 9 days ago

So, by any reasonable measure, I've spent a career doing "intense security work", with a particular focus in vulnerability research, and I do not agree with this at all.

viccis | 8 days ago

What evidence do you have? It sounds like you probably haven't been providing much value if an LLM can replace you.