• irmadlad@lemmy.world
    link
    fedilink
    English
    arrow-up
    93
    arrow-down
    2
    ·
    1 day ago

    A separate vulnerability in Linux allows users with limited rights to escalate to root. Tracked as CVE-2026-43499, it lurked in the OS for 15 years. Researchers from Nebula Security said they discovered it using Vega, Nebula’s AI-assisted vulnerability scanner. Matt Lucas, a researcher and founder of RedEye Security, explained

    This will become more and more common as we use AI to find vulnerabilities faster (hopefully) than bad actors can use AI to find vulnerabilities.

    • mnemonicmonkeys@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      13
      arrow-down
      1
      ·
      14 hours ago

      Keep in mind that the rate of errors caught by AI will not be consistent. It will drop off over time.

      While I’m no fan of AI, that has nothing to do with it. Adding AI to error detection suites is (mostly) fine so long as you don’t remove more tradional methods like code review, manually set up unit tests, and properly reviewing each failed test instead of just letting the AI slop in a patch.

      My point is that any test you add to an existing codebase is going to catch a decent number of issues at first, then over time it will drop off as pre-existing issues get resolved. Then you’ll be left with the lower rate of new issues from updates.

      AI isn’t a silver bullet. It (sometimes) is another tool in the toolbox.

      • irmadlad@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        1
        ·
        14 hours ago

        AI isn’t a silver bullet. It (sometimes) is another tool in the toolbox.

        I would fully agree with that statement.

      • mlg@lemmy.world
        link
        fedilink
        English
        arrow-up
        38
        arrow-down
        2
        ·
        edit-2
        1 day ago

        20 years of hoarding CVEs down the drain.

        Now they’ll never be able to gg ez their way into any country and will have to actually use their bribery budget to get more implants lol.

        • sp3ctr4l@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          23
          arrow-down
          2
          ·
          edit-2
          1 day ago

          Which means the new paradigm will be ‘every piece of hardware is a supply chain attack.’

          cough TPM 2 cough

        • Reannlegge@lemmy.ca
          link
          fedilink
          English
          arrow-up
          16
          arrow-down
          1
          ·
          1 day ago

          If they leave it out someone else will find it, the days of leaving things out deliberately past.

    • lambalicious@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      33
      ·
      1 day ago

      as we use AI to find vulnerabilities faster (hopefully) than bad actors can use AI to find vulnerabilities.

      Oh small, simple child: who do you think has the better access to AI in the first place?

      • Fedizen@lemmy.world
        link
        fedilink
        English
        arrow-up
        25
        arrow-down
        2
        ·
        edit-2
        1 day ago

        This is a reminder that US scientists during the cold war thought fish were russian subs because they didn’t have biologists on staff

        Judging by the way they’ve treated big companies in the past the NSA is staffed by a bunch of people who use backroom deals with US tech companies to collect their data mostly.

        I actually think a large plurality of them spend most their time tracking/stalking their wives and like people they argued with the day before.

        • lambalicious@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          14 hours ago

          You start as a bully when a kid, then grow up to be a fash / nazi, then they give you a badge and the ability to institutionalize your hate.

      • irmadlad@lemmy.world
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        5
        ·
        1 day ago

        small, simple child:

        Didn’t downvote you but…

        LOL! The level condescension sure is right on point Lemmy.That genuinely got a chuckle. In some ways I enjoy being that simple child. Full of wonderment at this universe around him.

      • pienz@feddit.org
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        2
        ·
        1 day ago

        The companies who are training AI… On Linux servers?

        Wait no, obviously smaller actors you’re referring to with your mysterious comment.

        Or maybe all the follow on tech companies that are the largest customers using AI aaand who also mostly use Linux

        No no I’ve got it wrong, US government entities want a backdoor so restrict AI releasing, then during that window exploit non-US companies using Linux