The misunderstanding that funneling your data through Plex servers is functionally equivalent to exposing it to the internet.
Mondez
Humans generally make mistakes in predictable patterns and can learn from them to improve their output.
Must've been an LLM-generated factoid.
It states they were produced, which I'm taking to mean found, and it's ambiguously worded so it's unclear if the article is actually claiming it generated PoC for all of them. It doesn't say how many, if any, hallucinated results were produced or how much effort was needed to fully confirm; basically downplayed the human involvement.
It's great that so many bugs are being found and squashed but it's implied LLMs are doing all the work when what they are actually doing is assisting as a tool.
I was trying to have some insightful discussion on the actual capability of LLM, which is difficult when the involvement of the human element is played down and the role of the LLM is played up to feed the hype machine. It's hard to acknowledge the real capabilities and weaknesses when the capabilities are always overreported and the weaknesses downplayed or denied.
It's great that so many bugs are getting discovered but as I say there is no reporting on what effort was needed to sift and review the LLM output or how functional or understandable any PoC were... The article doesn't directly even state the PoC were directly produced by the LLM and reads very ambiguously.
What these articles never say is how many hallucinated bugs the LLM found that either weren't real or were actually exploitable. The LLM didn't find these with any confidence; it highlighted areas of interest that actual security researchers then needed to investigate and confirm or rule out.
On the code development front it's even worse as now you have an unpredictable cost based on token consumption rather than the predictable cost of a salary and have no leverage to negotiate the cost.
Mate, you've lost the plot if you're comparing you letting your AI agents run over someone else's code base and getting screwed by it being in anywhere remotely similar to that 3rd party repo raping you. The rest of us were trying to have a serious conversation.
If you have an AI agent that you've given away your agency to to make calls like dropping databases or wrecking your code then you kinda did though. Perhaps you didn't knowingly introduce these gaping security holes, fool me once shame on you and all that. Are you going to change your security posture and limit the LLMs access and reduce how much you let it do your homework for you now? Otherwise it's on you next time it fucks up.
People are pushing back against widespread abuse of LLM technology in workflows it's a poor fit for and generates poor results for that are being built on current cost assumptions that are being massively subsidised by those pushing LLM solutions. When they flip to the "profit" stage of the plan and costs go up 5x or even 10x those workflows are going to look a lot less attractive for the poor results they generate. It's also being used as a smoke screen for layoffs it's not really responsible for, which isn't helping its image.
Except that in this case it wasn't being used as a power tool, otherwise it wouldn't have been able to do anything without someone getting it to. It's more akin to someone leaving a power tool lying around with a note saying "use this as you like" and then didn't like that someone took down their garden shed with it.
So all the bad things of both, still a proprietary product that you can funnel your content through servers you don't control while simultaneously not being Plex.