[lambdaone]

It seems obvious to me that there should now be a concerted and open effort to detect malware in supply chains based on AI-based scanning. Sure, there will be an arms race in malware obfuscation, but that was coming anyway. Manual review is useless at this scale - it is just not happening.

[bornfreddy]

This is actually where LLMs could be in advantage. Any code which is not clean (i.e. could be obfuscated) will trigger alarms and deeper inspection. It is much more difficult to create a good "underhanded" exploit that LLM will miss than it is to do the same for humans, imho.

[whyever]

LLMs are vulnerable to prompt injection attacks, so I'm not sure they are in advantage.