Google's AI bug hunters sniff out two dozen-plus code gremlins that humans missed

Google's OSS-Fuzz project, which uses large language models (LLMs) to help find bugs in code repositories, has now helped identify 26 vulnerabilities, including a critical flaw in the widely used OpenSSL library. The OpenSSL bug (CVE-2024-9143) was reported in mid-September and fixed a month later. Some, but not all, of the …

  1. O'Reg Inalsin

    Whodoneit

    "As far as we can tell, this vulnerability has likely been present for two decades and wouldn't have been discoverable with existing fuzz targets written by humans,"

    Yes, but it was still experts who knew a lot about fuzz targets that ultimately guided and enabled the system to do it.

  2. IGotOut Silver badge

    One question....

    ....how many false positives?

  3. sedregj Bronze badge

    Important? You decide.

    "Thus the likelihood of existence of a vulnerable application is low."

    "Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time."

    No.

    1. alcachofas

      Re: Important? You decide.

      Ha, good spot.

      I was reading the article and thinking “critical flaw in OpenSSL? I feel like we should have heard about that already”

      Reading the linked bug report makes it clear why we haven’t…

  4. Anonymous Coward

    Infinite Number of Monkeys

    Syndrome.

  5. Andy The Hat Silver badge

    Who gave it bad training data?

    Wonder whose bug-ridden code they used to train the model?

  6. Wang Cores

    A bulletin from the Organization For Truthiness

    Brave comrades of the glorious stockholder revolution --

    Your managers, the humble servants who are charged with the most solemn duties of the revolution, have discovered NEW EFFICIENCIES WITH THE REVOLUTIONARY TECHNOLOGY OF OSS-FUZZ.

    This promises prosperity for all, but especially the organs of democracy in the private sector. The worker shall have the burden of paying employment lifted from their shoulders in due time.

    GLORY TO THE SHAREHOLDERS

  7. Roland6 Silver badge
  8. druck Silver badge

    At last a use for AI

    Throwing unexpected random crap at APIs is an ideal use for gen AI, expecting it to be able to patch the code properly - madness.
