by duk3luk3 39 days ago
You appear to want to die on the hill of "This vulnerability would never have been found if we lived in a world without LLM AI" which is a very strange hill to die on.

There's no question that we live in the world where LLM AI was involved in finding the copy fail vulnerability at this specific time, and it's completely normal for people to see a vulnerability and then look closer and find related vulnerabilities or a deeper root cause, but there's no need to adopt an extreme "without AI LLM we don't find these vulnerabilities" position.


It's weird to say I want to "die on this hill" because that's not even something I believe. There was nothing especially difficult about this particular vulnerability. My only observation is that nobody did find it before, then an LLM security firm went out looking for Linux LPEs, and thus it was discovered.

That is a very difficult fact pattern to which to attach the conclusion "LLMs have sabotaged security research" (my paraphrase).

Well.. every new vulnerability is one nobody did find before.

Otherwise, it won't be classified as "new".

--

Edit:

I think LLM is very useful here.

When a researcher spots something funny, instead of spending two days on reading and testing, he can fire up an LLM and have it read all the code leading to there in ~30 minutes.

The finding started with human intuition and was assisted by an LLM. You can yell "AI sec firm" 1000 times. A human got it started. You shouldn't die on that hill.

Of the MANY things I've completed in the last year that I would never have done without an LLM, a human got 100% of them started. The ideas were mine in every case.

But it is still a fact that I have been taking on all sorts of tasks I would never have taken on if I didn't have power tools.

My comment was solely about the correct attribution of who made the initial finding. It's not a comment about the value of AI. I think we can get facts right and still argue for or against AI.

That's a pet peeve of mine as well, the inability to discuss facts / correct mistaken things on the internet, if the fact/mistake is on the "wrong" side of an argument.

I don't think I'm doing that though.

The context is a discussion about whether it would have been found without the assistance of an LLM. I agree that further upthread there may be some misattribution but it is not present in the post you were directly replying to and it is not really the argument being made.

His whole sentiment was yelling several times "LLMs did this". He wanted to smuggle his pro-AI attribution in, one way or another. In that way I could also argue "without humans, we wouldn't have LLMs." But it doesn't have value, right? I don't know why some try so hard to play down any human impact in this context. LLMs can help to find bugs. Without broader context it's a good and interesting thing. There is no need to trample over everything left and right just to overhype it.