Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The so -called intelligence intelligence, meaning Llm-low -quality photos, videos, and text, have acquired the Internet in the past two years, polluted Web sitesand Social media platformsAt least NewspapersAnd even Real world events.
Cyber security world is not fortified from this problem either. Last year, people all over the cybersecurity industry raised concerns about Bounty reports of artificial intelligence Language model This simply consists of weakness, then fill it in a professional writing.
“People receive reports that seem reasonable, and seem technically correct. Then you end up drilling in it, trying to know,” Oh no, where is this weakness? “,” RunsybilA startup that develops error fishermen operating from artificial intelligence, tell Techcrunch.
“It turned out that it was just a hallucination all the time. The technical details have been formed by LLM,” said Eunsco.
One of the problem is that LLMS is designed to be useful and provide positive responses. “If you ask him to obtain a report, it will give you a report. Then people will copy and paste them into Bug Bounty platforms and overcome the same platforms, overcome customers, and enter into this frustrated situation.”
“This is the problem that people are going through. Do we get a lot of things that look like gold, but in reality it is just foolishness,” said Ainsko.
Only last year, there were real examples of this. Harry Sentonn, a security researcher, revealed that the open source security project received a fake report. “The attacker was badly erred,” Centonin wrote In a post on Mastodon. “It can smell a shaver of AI of miles.”
In response to the participation of Centonin, Benjamin Biofil, from Open Collective, a technical platform for non -profit organizations, He said They have the same problem: their inbox “was immersed in the garbage of artificial intelligence.”
An open source developer, which maintains the Cyclonedx project on GitHub, They pulled a bug fully exposed them Earlier this year after receiving almost “artificial intelligence reports”.
The leading Bug Bounty platforms, which mainly act as mediators between infiltrators and companies ready to pay and reward them to find defects in their products and programs, are also witnessing a rise in reports created from artificial intelligence.
Contact us
Do you have more information about how artificial intelligence affects the cybersecurity industry? We would like to hear from you. From a non-work device and network, you can connect to Lorenzo Franceschi-bicchierai safe Email.
Michelle Brenz, co -founder and director of products management at Hackerone, Techcrunch that the company faced some slopes of intelligence.
“We have also seen a rise in false positives-weaknesses that seem real but created by LLMS and lack the influence of the real world,” said PRINS. “These low -signal application operations can create noise that undermines the efficiency of safety programs.”
PRINS added that reports containing “concrete weaknesses, mysterious artistic content, or other low -voltage noise forms are dealt with as undesirable messages.”
Casey Elis, founder of Bugccrowd, said that there are definitely researchers who use artificial intelligence to find errors and write the reports they are submitting to the company. Elis said they are witnessing a total increase of 500 requests per week.
“Artificial intelligence is widely used in most of the application processes, but it has not yet caused a significant rise in” SLOP “low -quality reports.” “This is likely to escalate in the future, but it is not here.”
Elis said that the Bugccrowd team, which analyzes the presentations, shows the reports that are used manually for playing drawings and workflow, as well as with machine learning and “help”.
To find out if other companies, including those that run their Bub Bounty programs, are also receiving an increase in unconfirmed reports or reports that contain weaknesses that are not present for hallucinations by LLMS, TECHCRUNCH Google, Meta, Microsoft and Mozilla.
The company, Diamo Damietta, the official spokesperson for Mozilla, who develops the Firefox browser, said that the company “has not witnessed a significant increase in error reports inappropriate or low -quality that appears to be created from artificial intelligence, or less than 10 % of all reports.
“Modla’s employees who review error reports on Firefox AI are not using reports, as it is likely to be difficult to do this without the risk of refusing to report legitimate errors,” Dimon said in an email.
Microsoft and Meta, companies that have severely subject to artificial intelligence, rejected the comment. Google did not respond to a request for comment.
IENESCU predicts that one of the solutions to the problem of high artificial intelligence is to continue to invest in systems that work with artificial intelligence materials, which can at least a preliminary review of review and accuracy.
In fact, on Tuesday, Hackerone Firing Hai Triage, a new triple system that combines humans and AI. According to Hackerone, this new system benefits from “artificial intelligence safety agents to overcome noise and science repetitions and define real threats priorities.” Then human analysts go to verify the correctness of error reports and escalating as needed.
While infiltrators are increasingly used LLMS and companies depend on artificial intelligence to photograph these reports, it remains to see any of AIS will prevail.