Vibe Security Radar


"Some of it ships with security vulnerabilities. 

"We track the cases where vulnerable code in public advisories (CVEs, GHSAs, RustSec, and others) was authored by an AI tool.

"This is a research project from Georgia Tech SSLab (Systems Software & Security Lab, School of Cybersecurity and Privacy). 

"Our goal is to understand how AI-assisted development affects software security, not through benchmarks or synthetic tasks, but by studying real vulnerabilities that were reported and fixed in the wild."

Comments

Post a Comment

Empathy recommended

Popular posts from this blog

When their AI chums have Bob's data

Image
1 "How do we discuss Bob's prognosis with him?"   Ask Doctor Agent! "How to discuss our auction of Bob's home with him?"   Ask Realtor Agent! "How do we obtain a confession from Bob?"  Ask District Attorney Agent! 2 But why would Bob's data reside within AI agents? We have a fascination with androids. One part of this fascination includes the idea of ' self-repair .'  Many of us long for the ability to diagnose and cure ourselves without the need to expose ourselves to other humans, like doctors and nurses, for example.  We'd much prefer tiny sensors throughout our bodies that could signal to us when/how we might need to alter our metabolisms.  Yet who —besides a tech bro —can make the sensors and/or digital assistant? Who can program the assistant, much less afford the things to begin with?  No worries. Firms around the world are already testing various solutions! Soon all one will have to do is surrender oneself and all will be...
Read more

Hamza Chaudhry

"Although a nuclear confrontation based on fake intelligence may seem unlikely, the stakes during crises are high and timelines are short, creating situations where fake data could well tilt the balance toward nuclear war. "The evolution of nuclear systems has led to further ambiguity in crises and shorter timeframes for verifying intelligence. An intercontinental ballistic missile from Russia could reach the U.S. within 25 minutes. A submarine-launched ballistic missile could arrive even sooner.  "Many modern missiles carry ambiguous payloads, making it unclear whether they are nuclear-tipped. AI tools for verifying the authenticity of content are not sufficiently reliable, making this ambiguity difficult to resolve in a short window. "The likeliest nuclear hotspots are also the arenas involving actors with low levels of trust on both sides — be that the U.S. and the Chinese Communist Party or Russia, or India and Pakistan. Even if communication is established in a...
Read more

Supporting Artistes (SAs)

"Dave Watts, an experienced SA who has appeared in numerous superhero movies and major productions, has been scanned several times. He said there were wider implications for the industry. "'I already hear crew members saying: To be honest, we don’t even need to do this any more. We can just ask AI to create a crowd of 1,000 people based on information which has already been captured [by body scanning],' he said. "'If you don’t have your usual crowd of 100, 200 or 500 SAs on a big production, then you also don’t need the assistant directors that look after them, and you don’t need the hair and makeup people. You don’t need the costume people, the costume fittings, all the caterers, all the drivers and location marshals. There’s a whole range of jobs there that AI effectively puts at risk'."
Read more