Josephine Wolff
Podcast Appearances
We know that's true.
But if I'm exploiting a zero-day vulnerability, then the idea would be I can get into any system I want in the whole world because nobody's had a chance to patch that yet.
The bug bounties vary a little bit from company to company, but the general model is that tech companies will offer a reward or a bounty to people who don't work for them, but who discover vulnerabilities in their code and report them.
I think Fred's absolutely right to say we're going to see more and more AI-generated code, that we aren't going to have as much intuition for how it works or where the vulnerabilities may be.
But I think that's also in some ways a familiar problem.
When you think about code maintenance,
use an enormous amount of software that humans today don't really understand.
Not because it was written by AI, but because if you go to any big tech company that's been around for a decade or longer, there's some usually huge body of code that has been in their products for as long as anyone can remember.
And nobody knows exactly how it works, but they know that if you change anything, everything breaks.
So I would say already we have a little bit of this dynamic where there are languages that people used to code in that most people don't know anymore, where there's legacy code that we're sort of stuck with, but we don't fully understand or know how to debug.
And the question is going to be, what do we view as being the crucial sort of human touch elements here?
Or do we view there as being any, right?
Are there going to be people signing off on this?
If so, what does that entail?
What kinds of tests are they going to be running?
How good, how effective are those tests?
I think a lot of uncertainty there around how well we can assess any of these things using the AI tools themselves.
So I agree that it's worth thinking about and worth preparing for.
I also think that to some extent, this is a challenge we're already facing.
And I think there will definitely be new challenges and new potential adversaries, right?