Using LLMs to assist with code audits and vulnerability hunting is a really interesting direction. The article doesn't detail exactly how ChatGPT (o3) found this use-after-free vulnerability, though. Did it independently analyze and understand the flaw in the concurrency logic, or was it just doing pattern matching or fuzzing under human guidance?
I feel like the details are what determine whether this is a true milestone or just a great headline. Regardless, the era of automated AI vulnerability discovery might really be upon us, and the pace of offense vs. defense is about to get much faster.