Large language models are increasingly helping to automate vulnerability discovery and exploit development in real-world software. However, naïvely asking LLMs to identify vulnerabilities leads to a deluge of false positives that can drown out real findings. In this talk, we will present techniques that enable AI agents to find vulnerabilities at scale, fully autonomously and with zero false positives. The key to our approach is developing robust exploit validators that can conclusively determine whether an exploit claimed by the agent is real, allowing the agent to make arbitrarily many attempts without increasing the amount of human effort needed to review the results. Using these techniques, we were able to test thousands of web apps found on Docker Hub, identifying over 200 zero days and obtaining multiple CVEs. By: Brendan Dolan-Gavitt | AI Researcher, XBOW Presentation Materials Available at: https://ift.tt/E54PUk7
source https://www.youtube.com/watch?v=8voNmYCUXSk
-
Germany recalled its ambassador to Russia for a week of consultations in Berlin following an alleged hacker attack on Chancellor Olaf Scho...
-
Android’s May 2024 security update patches 38 vulnerabilities, including a critical bug in the System component. The post Android Update ...
No comments:
Post a Comment