The chatbot can crawl the code. (Photo: Shutterstock/Katerina Rica)
ChatGPT can crawl code faster than reviewers. In addition, the chatbot cannot be distracted by the programmer’s comments. However, he still has some weaknesses.
ChatGPT’s AI-powered chatbot makes itself useful in another way: Now AI helps a security company find security holes. It is used by the company Socket, which provides a security scanner for JavaScript and Python projects.
like side log I mentioned that ChatGPT has already identified 227 vulnerabilities in the company’s client code. The vulnerabilities themselves fall into different categories such as information theft, SQL injection, encrypted credentials, potential privilege escalation, and backdoors.
Virus Abu Khadija, CEO of Socket, was also enthusiastic about making ChatGPT: “It worked much better than expected,” he told The Register in an email. “Now I have a few hundred vulnerabilities and malware packages and we are rushing to report them as soon as possible.”
Editor’s recommendations
Not only is the AI capable of scanning code quickly, but it can’t be easily fooled. Programmers can leave comments in the code, for example to tell companies that the code is actually not problematic. However, ChatGPT still flags the code as problematic.
In an example, ChatGPT wrote: “The script collects information such as hostname, username, home directory, and current working directory and sends it to a remote server. Although the author claims that for bug bounty purposes, this behavior is still a privacy risk. The script also contains a blocking process that may cause performance issues or become unresponsive.”
The human reviewer can take such comments at face value or stop scanning the code under the comments. However, this does not prevent the AI bot from doing its job.
This all sounds like the perfect employee, but ChatGPT also has its weaknesses. For example, AI has problems with larger amounts of code. Even if the code spans multiple documents, it is often difficult for the AI to generate the context.
“When malicious behavior is widespread enough, it’s hard to pull all the context into the AI at once,” Abu Khadija explained. “This is central to all adapter models that have a finite symbolic limit. Our tools try to work within these limits by integrating different data in the context of artificial intelligence.”
In addition, the high cost of running artificial intelligence is a problem that socket faces. The company has already managed to reduce this through a number of improvement measures. In addition, the service is provided to paying customers, thus money is pumped into the coffers.
“Subtly charming coffee scholar. General zombie junkie. Introvert. Alcohol nerd. Travel lover. Twitter specialist. Freelance student.”
More Stories
Silent Hill: Leaker: Trailers for several titles are coming soon
Better to delete it directly: the popular Android app is secretly eavesdropping on its users
Teufel Rockster Air is currently €100 cheaper – with free shipping