"Researchers at Google said on Friday that they have discovered the first vulnerability using a large language model."
*the first*. As in singular. And they figured they would do a media splash about it.
therecord.media/google-llm-sql…
https://mastodon.social/@bagder/113604585668635896
https://therecord.media/google-llm-sqlite-vulnerability-artificial-intelligence
@bagder Now that "25% of Google's code is generated with AI" it is probably the same LLM that introduced it in the first place
@bagder not first
@bagder it’s an indirect bounds constraint so kinda subtle - you’d have needed to know the code well to spot it, so seems valuable sqlite.org/src/info/41d58a014c…
@bagder no mention of the false positive rate which seems very salient given the insane amount of your time people have tried to waste in the last few months with hallucinated bugs.
@bagder Was expecting pure bullshit based on the 'AI code review tools' I've seen, but pleasantly surprised to see that they're just using it to be a better fuzz tester
@bagder a vulnerability in SQLite, even