<![CDATA[As a certified AI Hater, I do have to say: We seem to have found one (1) use-case for LLMs where they're useful and (can be) prosocial: Finding software vulnerabilities.]]>As a certified AI Hater, I do have to say: We seem to have found one (1) use-case for LLMs where they're useful and (can be) prosocial: Finding software vulnerabilities.

This wasn't true a few months ago, but it seems the scales have finally tipped.

It ticks the boxes for me:

- Verifiable
- "Generative" aspect is limited
- Utility that isn't just replacing human labor

(I don't *like* it, and I don't know how the overall cost/benefit shakes out, but... this does seem to be legit. Just be wary of the hype.)

]]>https://board.circlewithadot.net/topic/9b795f60-915f-4805-8ba2-ad9aa4612413/as-a-certified-ai-hater-i-do-have-to-say-we-seem-to-have-found-one-1-use-case-for-llms-where-they-re-useful-and-can-be-prosocial-finding-software-vulnerabilities.RSS for NodeFri, 05 Jun 2026 19:51:47 GMTWed, 13 May 2026 03:15:14 GMT60<![CDATA[Reply to As a certified AI Hater, I do have to say: We seem to have found one (1) use-case for LLMs where they're useful and (can be) prosocial: Finding software vulnerabilities. on Wed, 13 May 2026 11:33:59 GMT]]>Before reaching for an LLM for finding vulnerabilities in your own project, you should probably still be:

- Testing
- Linting
- Running other existing, algorithmic static analysis tools for security
- Fuzzing
- Looking at new and existing security bugs and looking for other bugs of the same type *and* findings ways to make each type of bug harder to introduce in the future

With those already in place, LLMs still don't seem to have a major advantage. I'm curious whether that will change, though.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/varx/statuses/116567050778125333https://board.circlewithadot.net/post/https://infosec.exchange/users/varx/statuses/116567050778125333Wed, 13 May 2026 11:33:59 GMT