Episode 426 - Automatically exploiting CVEs with AI

Josh and Kurt talk about a paper describing using a LLM to automatically create exploits for CVEs. The idea is probably already happening in many spaces such as pen testing and intelligence services. We can't keep up with the number of vulnerabilities we have, there's no way we can possibly keep up with a glut of LLM generated vulnerabilities. We really need to rethink how we handle vulnerabilities. Show Notes OpenAI's GPT-4 can exploit real vulnerabilities by reading security advisories paper: LLM Agents can Autonomously Exploit One-day Vulnerabilities Cisco Fixes RV320/RV325 Vulnerability by Banning “curl” in User-Agent Episode 219 – Chat with Larry Cashdollar Cory Doctorow: What Kind of Bubble is AI?

Om Podcasten

Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform educate both developers and users on how open source security works. There’s a lot of good work happening that doesn’t get attention because there’s no marketing department behind it, they don’t have a developer relations team posting on LinkedIn every two hours. Let’s focus on those people and teams then learn what they do and how they do it. The goal is to hear from the people doing the work, they know what’s up, they have a lot to teach us. We just have to listen.