by eqvinox 49 days ago
I don't think the copy.fail people understood the issue they found, as is evident from the heavy focus on AF_ALG/aead_algif, which is essentially "innocent" as we're seeing here.

I think LLMs are great for vulnerability discovery, but you need to not skimp on the legwork and understanding what even you just found there.

Right but without the LLM the bug doesn't get found at all.
That's not necessarily true. Who's to say the security researchers wouldn't have found it if they'd searched the code manually?
It's an AI security firm! You might just as productively ask "why did all the other engineers who ever looked at this code not find it, and why was Theori the one to actually surface it?".
It would have taken a LOT longer but often this kind of manual search is so tedious people just don't do it. LLMs don't get bored.
> LLMs don't get bored

They do not get bored like a human, but they are trained on human language and replicate the same traits, such as laziness and expressing boredom or annoyance (even if obviously they do not experience anything at all). It’s actually a lot of effort to get them to engage with things at a deeper level without skipping corners.

I’m hardly going to simp for LLM tools, but the fact that the bug existed and no one had reported it seems proof positive no one was about to find it without them.
Yes, I agree. I'm not the GP poster.
Safer to assume at least one of NSA, Mossad and a few others were sitting on it for years.
Am I missing something? Where does it say that the researcher that found Dirty Frag used LLM to find it? Have you read the original report from the researcher?