by woodruffw
2 days ago
As with so much (LLM) security work, the devil is in the details: "~25 security issues per codebase" means nothing without a grounding in the codebase's actual security model, capabilities exposed to an attacker, etc. I haven't used Aikido's product, but my experience with similar tools is that they tend to not find actual security issues until a proper security model is introduced for grounding. (I say this as someone who is, broadly, extremely impressed by and interested in the use of LLMs for security research.)
The two classes of vulnerability given as examples are the exact kind of issue I probably don’t care about, and are not grounded in an actual security model