
Using Large Language Models to Catch Vulnerabilities


Posted by the Big Sleep team

Introduction

In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large L...

Today, we're excited to share the first real-world vulnerability discovered by the Big Sleep agent: an exploitable stack buffer underflow in SQLite, a widely used open source database engine. However, given this explanation of the vulnerability – it's not trivial (at least for us) as human researchers to understand precisely how to trigger it – clearly a constraint on the ROWID column would be a good starting point, but more detailed reading of the code would certainly be required. However, it seems the bug can only be quickly found if the corpus contains an example very close to the crashing input, as code coverage doesn't appear to be a reliable guide for this particular issue.
