Just because they're used everywhere doesn't mean that we just have to accept them. It also doesn't mean that LLMs are a good thing.
I think LLMs can be used as an (additional!) cybersecurity analysis tool; that's honestly the only area in which it seems to be actually useful (right now). And most projects don't reach the size at which spotting security risks spanning many different modules is a relevant skill to have. So it should be used sparingly, on things like the Linux kernel. Then the cost of it might even be worth it (but I also don't want to know about the amount of hallucinated bugs it finds).
And I want to add: even though LLMs can identify cybersecurity risks, it doesn't mean they are good at cybersecurity. They're probably just as bad as in any other area. It's also questionable whether the actual positives outweigh the labor required to flag all the false positives.