I believe that the line was constructing exploits for bugs, not bug finding. This seems a reasonable cutoff to me, since bugs are revealed in security patches and pull requests (for open source).
replyIf you are to believe Anthropic, Fable was export controlled for bug finding, not for exploit construction. They seem to be working to make this the "bright line" for LLMs being a national security risk. My guess is that will be the case they take to Washington this week.
Exploit construction is generally considered trivial vs. finding a vulnerability.
replyThis is why responsible/coordinated disclosure exists in the first place.
You dont block either.
replyThe factory does decent software engineering - for which it can also use the same llm - so that when an attacker does either, a sota llm does not find bugs to exploit.
Sarcastically? Dario will tell you what to do. You should just follow his divine guidance.
reply