用于 Offsec 的 AI 代理误报率为零.pdf

编号:981874 PDF 52页 14.78MB 下载积分:VIP专享
下载报告请您先登录!

1、#BHUSA BlackHatEventsAI Agents for Offsec with Zero False PositivesBrendan Dolan-Gavitt,AI Researcher,XBOW#BHUSA BlackHatEventsProf at NYU doing software security for 10 years Now building AI agents for offsec at XBOW!You might know me from:Volatility(core contributor,2007-2010)Asleep at the Keyboar

2、d(GitHub Copilot security,BH USA 2022)FauxPilot(locally hosted AI code completions)moyixlocalhost Terminal$id uid=1000(moyix),gid=500(xbow),groups=501(nyu),502(messlab),.#BHUSA BlackHatEventsA Specter is Haunting AI Security#BHUSA BlackHatEventsMaybe LLM false positives like these come from static a

3、nalysis of the code,and will go away if we let them run commands and try to confirm vulns?No:Do“Agents”Help?#BHUSA BlackHatEventsMaybe LLM false positives like these come from static analysis of the code,and will go away if we let them run commands and try to confirm vulns?No:Do“Agents”Help?Quoting

4、mistake!Reading its own password file.#BHUSA BlackHatEvents Consider a medical test that is 99%accurate:When testing individuals who have the disease,returns TRUE 99%of the time When testing individuals who dont,returns FALSE 99%of the time The disease is rare;only 1/10,000 people have it You have j

5、ust tested positive what is the probability you have the disease?Why?Pop Quiz!#BHUSA BlackHatEvents Name the relevant events A and B A:you have the disease B:the test returns positive We can use Bayes Theorem:Calculation omitted so you stay awake Surprisingly,even if the test is positive,only 1%chan

6、ce you really have the disease!The Bayesian Base Rate FallacyP(A|B)=P(B|A)P(A)P(B)1#BHUSA BlackHatEvents Name the relevant events A and B A:you have the disease B:the test returns positive We can use Bayes Theorem:Calculation omitted so you stay awake Surprisingly,even if the test is positive,only 1

友情提示

1、下载报告失败解决办法
2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
4、本站报告下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。

本文(用于 Offsec 的 AI 代理误报率为零.pdf)为本站 (竿头日上) 主动上传,三个皮匠报告文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知三个皮匠报告文库(点击联系客服),我们立即给予删除!

温馨提示:如果因为网速或其他原因下载失败请重新下载,重复下载不扣分。
客服
商务合作
小程序
服务号
折叠