Hacker News
by arriu 1235 days ago
Could this be taken to the extreme by asking it to decompile assembly?
4 comments

I've been using it paired with Ghidra to give me a better idea of what's going on. It helped me create a no-CD crack for an old game.
Silly idea, though: would it be helpful in creating the server-side code for an online-only game?

I've seen a project for Battlefield 3, though I already have the feeling it's a team effort at minimum?

It's not some magic bullet. It helps a ton with trying to give names to obfuscated function and variable names, but you have to be intelligent enough to know what the code's actually doing. It probably helps RE teams a lot, but until it can easily run across an entire codebase it's just another tool in the toolbox.
Agreed, it can be lacking in logic until you spell it out. An example was this CTF challenge: it just couldn't understand the hash collision until I gave it the full write-up [0]

W.r.t. codebases, I may look at some of the free models (as this gets around the cost problem) and try to feed it prompts as a block of code plus meaningful references to the same, under the token limit.

[0] https://github.com/victor-li/pwnable.kr-write-ups/blob/maste...

From my own research, CTF tools like angr can build AST trees, so I'm working on the thinking that I can train the AI to review interesting parts of the execution tree. Happy to get feedback or papers, since this has been the most interesting find so far: https://arxiv.org/abs/1906.12029
I previously did this. I wrote a naive integer factorization program in C, compiled it, extracted the disassembly and intentionally broke it. It generated a working C function that was almost correct given the broken assembly. I then “talked” with it to improve the code, even suggested that the original disassembly contained an error. It was surprisingly good.

Note: I broke the disassembly intentionally because when I presented the original disassembly it immediately outputted the/a C program to factorize integers.

I have used ChatGPT somewhat successfully to decompile assembly into C and C++. It's making a lot of mistakes but despite all of this, it's very helpful.