Have you used an LLM to scan for vulnerabilities in an Open Source codebase?

Reply to Have you used an LLM to scan for vulnerabilities in an Open Source codebase? on Tue, 19 May 2026 09:14:44 GMT

spraoi@tooting.ch — Tue, 19 May 2026 09:14:44 GMT

@evan @coldfish

I've been trying to work out how to run it under Pytorch to see what it can do.

Reply to Have you used an LLM to scan for vulnerabilities in an Open Source codebase? on Tue, 19 May 2026 02:15:44 GMT

coldfish@sfba.social — Tue, 19 May 2026 02:15:44 GMT

@evan yeah, I saw that the other day. Pretty sure it's going to be default, like having spell check.

Reply to Have you used an LLM to scan for vulnerabilities in an Open Source codebase? on Tue, 19 May 2026 00:21:30 GMT

evan@cosocial.ca — Tue, 19 May 2026 00:21:30 GMT

@coldfish guess what?

Chrome silently installs a 4 GB local LLM on your computer

You did remember to opt out of AI, didn't you?

theregister (www.theregister.com)

Reply to Have you used an LLM to scan for vulnerabilities in an Open Source codebase? on Tue, 19 May 2026 00:14:13 GMT

coldfish@sfba.social — Tue, 19 May 2026 00:14:13 GMT

@evan I don't know. I think AI is just gonna be here whether we like it or not. I also think that we're going to be roped into it and suddenly it will magically get much more expensive.

So, I've been on a mission to find the "good" in what's happening here. I think if we get more local AI tools to offset the needs for "big AI" then we may be able to come to some kind of direction that isn't just a horrific dystopian future that I tend to see coming.

My last project: Do document analysis on Gemini, but handle all the vector embedding on Ollama locally. The thing is, so much can be done locally that it hard to believe that the next versions of Chrome or Office won't have an LLM built in, if only to offset the load on the remote AI.

Reply to Have you used an LLM to scan for vulnerabilities in an Open Source codebase? on Mon, 18 May 2026 23:21:19 GMT

mick@cosocial.ca — Mon, 18 May 2026 23:21:19 GMT

@evan no time like the present

Reply to Have you used an LLM to scan for vulnerabilities in an Open Source codebase? on Mon, 18 May 2026 23:07:21 GMT

manchicken@defcon.social — Mon, 18 May 2026 23:07:21 GMT

@evan I have used them for work because I was asked to.

Reply to Have you used an LLM to scan for vulnerabilities in an Open Source codebase? on Mon, 18 May 2026 22:52:21 GMT

evan@cosocial.ca — Mon, 18 May 2026 22:52:21 GMT

@coldfish you tell me!

Reply to Have you used an LLM to scan for vulnerabilities in an Open Source codebase? on Mon, 18 May 2026 22:07:30 GMT

reiver@mastodon.social — Mon, 18 May 2026 22:07:30 GMT

RE: https://mastodon.social/@reiver/116551433907294642

@evan

Yes, my open-source code-bases.

I find this one of the very useful use-cases for these tools. Using as it a code-reviewer to find bugs.

Reply to Have you used an LLM to scan for vulnerabilities in an Open Source codebase? on Mon, 18 May 2026 21:43:06 GMT

coldfish@sfba.social — Mon, 18 May 2026 21:43:06 GMT

@evan I use Ollama locally to scan my own files and server logs. Does that count?

Reply to Have you used an LLM to scan for vulnerabilities in an Open Source codebase? on Mon, 18 May 2026 21:08:26 GMT

funbaker@chaos.social — Mon, 18 May 2026 21:08:26 GMT

@evan hell no