[ddxv]

I think using open weight models will solve this. I believe they are nearly caught up and much of the gains are in the harnesses or properly orchestration of subqueries. (I'm no expert, just my opinion).

When the open weight models catch up, if they don't get lobbied and banned by OpenAi and Anthropic, then you'll be able to use them to properly secure your software.

[energy123]

I'm no cyber expert, maybe one can weigh in.

Are there zero days that only a true genius can discover? Or can a smart-enough model, run over the codebase for enough time, discover them all?

Like as we get smarter and smarter models do we expect each new generation to keep finding vulnerabilities, or to plateaue?

[__alexs]

A large part of vulnerability analysis is just having the time to crunch through enough possibilities. Expertise and smarts definitely speed this up but there's a lot of just turning the crank until something falls out. Even a relatively dumb model with some good prompting will fine vulnerabilities if you ask it to and give it the time and resources to do so.

[chillfox]

Pretty sure the secret sauce is in the summarised thinking. Maybe better though process… But I have a feeling it’s server side tools and a scratch space to prepare the reply.

Sometimes the summarised thoughts include stuff that makes no sense unless it’s got a workspace on the server. Stuff like “I am now writing x to file y”.