Episode 426 - Automatically exploiting CVEs with AI

Open Source Security

Apr 29, 2024•38 min•Ep. 426

--:--

Listen in podcast apps:

Apple Podcasts

Spotify

Download

Listen to this episode in Metacast mobile app

Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Josh and Kurt talk about a paper describing using a LLM to automatically create exploits for CVEs. The idea is probably already happening in many spaces such as pen testing and intelligence services. We can't keep up with the number of vulnerabilities we have, there's no way we can possibly keep up with a glut of LLM generated vulnerabilities. We really need to rethink how we handle vulnerabilities.

Show Notes

OpenAI's GPT-4 can exploit real vulnerabilities by reading security advisories
paper: LLM Agents can Autonomously Exploit One-day Vulnerabilities
Cisco Fixes RV320/RV325 Vulnerability by Banning “curl” in User-Agent
Episode 219 – Chat with Larry Cashdollar
Cory Doctorow: What Kind of Bubble is AI?

For the best experience, listen in Metacast app for iOS or Android