Hacker News new | ask | show | jobs
by tptacek 39 days ago
It's weird to say I want to "die on this hill" because that's not even something I believe. There was nothing especially difficult about this particular vulnerability. My only observation that nobody did find it before, then an LLM security firm went out looking for Linux LPEs, and thus it was discovered.

That is a very difficult fact pattern to which to attach the conclusion "LLMs have sabotaged security research" (my paraphrase).
2 comments
j16sdiz 39 days ago
Well.. every new vulnerability is one nobody did find it before.

Otherwise, it won't be classified as "new"

--

Edit:

I think LLM is very useful here.

When a researcher spot something funny, instead of spending two days on reading and testing, he can fire up a LLM and have it read all the code lead to there in ~30 minutes.

link
Yokohiii 39 days ago
The finding started with human intuition and was assisted by an LLM. You can yell "AI sec firm" 1000 times. A human got it started. You shouldn't die on that hill.
link
furyofantares 39 days ago
Of the MANY things I've completed in the last year that I would never have done without an LLM, a human got 100% of them started. The ideas were mine in every case.

But it is still a fact that I have been taking on all sorts of tasks I would never have taken on if I didn't have power tools.

link
Yokohiii 38 days ago
My comment was solely about the correct attribution who made the initial finding. It's not a comment about the value of AI. I think we can get facts right and still argue for or against AI.
link
furyofantares 38 days ago
That's a pet peeve of mine as well, the inability to discuss facts / correct mistaken things on the internet, if the fact/mistake is on the "wrong" side of an argument.

I don't think I'm doing that though.

The context is a discussion about whether it would have been found without the assistance of an LLM. I agree that further upthread there maybe some misattribution but it is not present in the post you were directly replying to and it is not really the argument being made.

link
Yokohiii 38 days ago
His whole sentiment was yelling several times "LLMs did this". He wanted to smuggle his pro AI attribution in, one way or another. In that way I could also argue "without humans, we wouldn't have LLMs." But it doesn't have value, right? I don't know why some try so hard to play down any human impact in this context. LLMs can help to find bugs. Without broader context it's a good and interesting thing. There is no need to trample over everything left and right just to overhype it.
link