AIs can exploit one-day threats

"We show that LLM agents can autonomously exploit one-day vulnerabilities in real-world systems. 

"To show this, we collected a dataset of 15 one-day vulnerabilities that include ones categorized as critical severity in the CVE description. 

"When given the CVE description, GPT-4 is capable of exploiting 87% of these vulnerabilities compared to 0% for every other model we test (GPT-3.5, open-source LLMs) and open-source vulnerability scanners (ZAP and Metasploit). 

"Fortunately, our GPT-4 agent requires the CVE description for high performance: without the description, GPT-4 can exploit only 7% of the vulnerabilities. 

"Our findings raise questions around the widespread deployment of highly capable LLM agents." 

Comments

Post a Comment

Popular posts from this blog

Perplexity

The year-old search engine , whose founders previously worked in A.I. research at OpenAI and Meta, has quickly become one of the most buzzed-about products in the tech world. Tech insiders rave about it on social media, and investors like Jeff Bezos — who was also an early investor in Google — have showered it with cash. The company recently announced that it had raised $74 million in a funding round led by Institutional Venture Partners, which valued the company at $520 million. Many start-ups have tried and failed to challenge Google over the years. (One would-be competitor, Neeva, shut down last year after failing to gain traction.)  But Google seems less invincible these days.   Many users have complained that their Google search results have gotten clogged with spammy, low-quality websites, and some people have started looking for answers in places like Reddit and TikTok instead.
Read more

Aphorisms: AI

"To have stability , one must erase it."  "The process is one's product."  "Thou shalt not make a machine in the likeness of a human mind," Butlerian Jihad  Alchimie du verbe : "John Milton really bit off a lot." "Dave. Dave. Stop, Dave. You wouldn't toss your phone in the loo, would you? Dave?" AI on the internet: "We're like termites in a toothpick factory!"  "A friend of mine has called this A.I. moment 'the revenge of the so-so programmer'," says James Somers. "As coding per se begins to matter less, maybe softer skills will shine." "The theory that Chinese leader XI is really #11 has been denied by Stranger Things creators The Doobie Brothers." "T + 1 = tone" —attributed to Elmore James 床前明月光 疑是地上霜 舉頭望明月 低頭思故鄉  "He maketh them also to skip like a calf; Lebanon and Sirion like a young unicorn." —Psalm 29 Genly Ai: "It is good to have an end to
Read more

DeepAI's Austen on China

"China, a distant and fascinating land, has long piqued the interest of many, including myself. Alas, my knowledge of this vast empire is somewhat limited, as I have not had the opportunity to personally experience its wonders. "From the accounts I have heard and the books I have read, China is a place of great history and cultural richness. Its people have cultivated a society steeped in tradition and respect. Their values, such as filial piety and a reverence for elders, hold parallels to the virtues we esteem in our own Regency-era society. It warms my heart to think that such values are cherished beyond the borders of our familiar world. "The arts of China, too, have garnered much admiration. Calligraphy, with its graceful strokes and evocative expressions, is considered a true art form. The beauty of their porcelain, intricately decorated with scenes of life and nature, is renowned far and wide. How I would relish the chance to behold these treasures with my own eye
Read more