Hacker News with Generative AI: Vulnerability Research

Speedrunners are vulnerability researchers, they just don't know it yet (zetier.com)
Thousands of video game enthusiasts are developing experience in the cybersecurity industry by accident. They have a fun hobby, pouring over the details of their favorite games, and they don't know they could be doing something very similar… by becoming a vulnerability researcher.
Cybersecurity, Video Games, Vulnerability Research, Gaming
365 points by chc4 55 days ago | 88 comments
Using Large Language Models to Catch Vulnerabilities (blogspot.com)
In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-art performance on Meta's CyberSecEval2 benchmarks. Since then, Naptime has evolved into Big Sleep, a collaboration between Google Project Zero and Google DeepMind.
Security, Artificial Intelligence, Vulnerability Research, Google
175 points by sigmar 176 days ago | 29 comments
Escaping the Chrome Sandbox Through DevTools (ading.dev)
This blog post details how I found CVE-2024-6778 and CVE-2024-5836, which are vulnerabilities within the Chromium web browser which allowed for a sandbox escape from a browser extension (with a tiny bit of user interaction). Eventually, Google paid me $20,000 for this bug report.
Security, Web Browsers, Chrome, Vulnerability Research, Software Bugs
407 points by vk6 191 days ago | 77 comments
Advancing Memory Safety (googleblog.com)
Error-prone interactions between software and memory1 are widely understood to create safety issues in software. It is estimated that about 70% of severe vulnerabilities2 in memory-unsafe codebases are due to memory safety bugs. Malicious actors exploit these vulnerabilities and continue to create real-world harm. In 2023, Google’s threat intelligence teams conducted an industry-wide study and observed a close to all-time high number of vulnerabilities exploited in the wild.
Security, Software Development, Programming Languages, Vulnerability Research
89 points by vsgherzi 193 days ago | 122 comments