upvote

points

by dgellow14 hours ago |
comments
upvoteby saghm6 hours ago|
next
[-]
> I’m considering that the amount of vulnerable software in the wild is very, very large

I'd imagine this set is very similar to just "the set of software on the world". Even before the AI stuff, it was a pretty good bet at any given software had some vulnerability; it was just a question of how easy to was to find it.

reply
upvoteby dgellow2 hours ago|
parent|
[-]
Yes, that’s my point. Look at how fast the Calif team tackled that macOS issue. Against the top company in the world. One week from bug to exploit. In 2-5 years things will be really wild for everybody out there. We released a technology that make it possible to design extremely complex exploits at a scale we never had to face before. What does that mean if you’re not the top company? Things will be really bad
reply
upvoteby bottlepalm11 hours ago|
prev|
[-]
It makes you think will everything need to be rewritten from the ground up - potentially by AI itself, or AI having a very heavy hand in validating all of it.
reply
upvoteby Gigachad11 hours ago|
parent|
[-]
There's so much much lower hanging fruit. Every job I've had has had basically everything massively out of date. Just keeping packages and framework versions up to date is a full time job and none of these companies have someone assigned to doing it.

So much out of date software with known exploits left running for years. The only reason there hasn't been total disaster is no one has tried to hack it yet.

reply
upvoteby bottlepalm10 hours ago|
parent|
[-]
Right and with AI now we have the ability to try hacking everything all at once.
reply
upvoteby dgellow2 hours ago|
parent|
[-]
Yes, exactly, that’s the main change. And not just in a script kiddy way. What we see now is LLM + experts can develop extremely complex exploit chains in no time. It’s one thing to exploit a known vulnerability that you can patch by upgrading your Wordpress, it’s something else when the attacker is able to completely take over your systems in ways you didn’t even consider was possible and adapt in 1 day to your attempts at patching
reply
upvoteby Gigachad27 minutes ago|
parent|
[-]
For now, after the dust settles all of the low hanging fruit will have been patched and we will have hurried up the move to safer languages.

The root problem is the world runs on C code that is riddled with vulnerabilities.

reply