当前位置:首页 > 报告详情

从HAL到HALT:在人工智能编码时代挫败天网的同胞.pdf

上传人: 竿*** 编号:981619 2025-11-29 24页 17.10MB

1、#BHUSA BlackHatEventsFrom HAL to HALT:Thwarting Skynets Siblings in the GenAI Coding EraChris WysopalCo-founder&CTO,Veracode Unites States Senate testimony-19 May 1998One of the 1st vulnerability researchers,member of hacker think tank,L0pht in 1990s Improve the Security of Your Product by Breaking

2、Into ItFounded stake security research team and then Veracode to build security into SDLCState of Software Security 2024Addressing the Threat of Security Debt50%40%30%20%10%0%age of application in(years)the honeymoon phase of applications where fewer flaws are introduced12345new flaws introduced by

3、application age8910Lets add the exciting potential of large language models that can write code!12Generating codeUnderstanding code/Code reviewRemediating defectsTranslating programming languagesCreating and maintaining unit testsWriting documentationDeveloper GenAI use right now13Learning about the

4、 code baseSearching for answers to avoid reinventing the wheelReading log files to find a root causeCreating and running functional&non-functional testsRemediating security vulnerabilitiesEmerging dev uses for GenAIPublic GitHub RepositoriesOpen-Source ProjectsDocumentation and CommentsThirds Party

5、Code(License Risk)Training Data SetLarge corpus of data that includes open web content.Large Language ModelsChatGPTCode GeneratorBardUser Result41%41%of Copilot produced code contain known security vulnerabilities.Large Language ModelUser PromptSecurity Implications of LLMsWuhan University Study on

6、AI Code GeneratorsStanford University Study on AI Code GeneratorsNew York University Study on GitHub CopilotPurdue University on ChatGPT accuracy36%Out of the 435 Copilot generated code snippets found in repos 36%contain security weaknesses,across 6 programming languages.Developers using LLMs were m

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
根据报告的内容,全文主要内容概括如下: - **软件安全现状**:应用在“蜜月期”后,新引入的缺陷随时间增加。 - **AI代码生成工具**:如Copilot和ChatGPT等工具,但生成的代码存在安全漏洞,如36%的Copilot代码和52%的ChatGPT答案存在错误。 - **AI代码生成风险**:包括数据中毒、知识产权侵权、偏见与公平性、递归学习和过时实践传播等。 - **AI与代码安全**:需在AI提示中包含安全考虑,尽可能自动化安全流程,包括自动修复。 - **关键数据**: - 41%的Copilot生成的代码含有已知安全漏洞。 - 52%的ChatGPT答案不正确。 - 77%的AI生成答案错误,尽管开发者有35%的时间偏好使用它们。
隐患知多少?" 安全风险大揭秘!" "AI时代,如何守护代码安全?"
客服
商务合作
小程序
服务号
折叠