GPT-3 auditor scans for malicious insider code

Malicious insider code is a significant security challenge. Can AI help?

A key software security challenge that banks and other regulated entities face is detecting malicious code planted by insiders. Peer code review appears to be the most effective approach (under the right circumstances), with static analysis a very distant second. Source code reviews may detect suspect insider code, but from first-hand experience it's quite hit and miss: results depend on the scope and intent of the review work, the size of the code base, and the familiarity of the code reviewer(s) with not just the source code but also the build chain and glue scripts.

Key question: where does GPT-3 auditor do well, and where does it struggle?

- Review the samples included and the results
- Test GPT-3 auditor against famous backdoors - how does it fare?
- Can one or more classes of back door be consistently flagged for human review?