This blog post has been reported on and distorted by a lot of tech news sites using it to wax delusional about AI’s future role in vulnerability detection.

But they all gloss over the critical bit: in fairly ideal circumstances where the AI was being directed to the vuln, it had only an 8% success rate, and a whopping 28% false positive rate!

  • DickFiasco@lemm.ee
    link
    fedilink
    English
    arrow-up
    29
    ·
    4 days ago

    Additionally, we already have tools like Valgrind that would have uncovered the use-after-free bug.

    • diz@awful.systems
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 day ago

      Can’t be assed to read the bs but sometimes the use after free only happens in some rarely executed code path, or only when one branch is executed then later another branch. So you still may need fuzzing to trigger use after free for Valgrind to detect.