Sort by:  

Conference:  Defcon 31
Authors: Xavier Cadena

Large Language Models are already revolutionizing the software development landscape. As hackers we can only do what we've always done, embrace the machine and use it to do our bidding. There are many valid criticisms of GPT models for writing code like the tendency to hallucinate functions, not being able to reason about architecture, training done on amateur code, limited context due to token length, and more. None of which are particularly important when writing fuzz tests. This presentation will delve into the integration of LLMs into fuzz testing, providing attendees with the insights and tools necessary to transform and automate their security assessment strategies. The presentation will kick off with an introduction to LLMs; how they work, the potential use cases and challenges for hackers, prompt writing tips, and the deficiencies of current models. We will then provide a high level overview explaining the purpose, goals, and obstacles of fuzzing, why this research was undertaken, and why we chose to start with 'memory safe' Python. We will then explore efficient usage of LLMs for coding, and the Primary benefits LLMs offer for security work, paving the way for a comprehensive understanding of how LLMs can automate tasks traditionally performed by humans in fuzz testing engagements. We will then introduce FuzzForest, an open source tool that harnesses the power of LLMs to automatically write, fix, and triage fuzz tests on Python code. A thorough discussion on the workings of FuzzForest will follow, with a focus on the challenges faced during development and our solutions. The highlight of the talk will showcase the results of running the tool on the 20 most popular open-source Python libraries which resulted in identifying dozens of bugs. We will end the talk with an analysis of efficacy and question if we'll all be replaced with a SecurityGPT model soon. To maximize the benefits of this talk, attendees should possess a fundamental understanding of fuzz testing, programming languages, and basic AI concepts. However, a high-level refresher will be provided to ensure a smooth experience for all participants.
Conference:  Defcon 31
Authors: Dr. Craig Martell Chief Digital and AI Officer at the Department of Defense

In 1979, NORAD was duped by a simulation that caused NORAD (North American Aerospace Defense) to believe a full-scale Soviet nuclear attack was underway. This only legitimized the plot in the 1983 classic, War Games, of the possibility of a computer making unstoppable, life-altering decisions. On the 40th anniversary of the movie that predicted the potential role of AI in military systems, LLMs have become a sensation and increasingly, synonymous with AI. This is a dangerous detour in AI’s development, one that humankind can’t afford to take. Join Dr. Martell for an off-the-cuff discussion on what’s at stake as the Department of Defense presses forward to balance agility with accountability and the role hackers play in ensuring the responsible and secure use of AI from the boardroom to the battlefield.
Conference:  Transform X 2022
Authors: Aidan Gomez

tldr - powered by Generative AI

The speaker discusses the practical applications and limitations of large language models, and emphasizes the importance of making the technology accessible to developers. They also address concerns around bias in data and the need for monitoring and mitigation.
  • Large language models can be used for creative applications such as world building in gaming and pro-social technology to create healthier online communities
  • The technology requires deep contextual understanding of language and sentiment analysis
  • To drive adoption, the interfaces onto the text need to be made easier for developers to use
  • Data filtration and monitoring are necessary to mitigate bias and prevent misuse
  • The speaker is excited about the potential for models to use tools and references in the world to improve efficiency