One Article Review
| Source |  GoogleSec |
|---|---|
| Identifiant | 8445278 |
| Date de publication | 2024-01-31 13:07:18 (vue: 2024-01-31 19:09:34) |
| Titre | Échelle de sécurité avec l'IA: de la détection à la solution Scaling security with AI: from detection to solution |
| Texte | Dongge Liu and Oliver Chang, Google Open Source Security Team, Jan Nowakowski and Jan Keller, Machine Learning for Security TeamThe AI world moves fast, so we\'ve been hard at work keeping security apace with recent advancements. One of our approaches, in alignment with Google\'s Safer AI Framework (SAIF), is using AI itself to automate and streamline routine and manual security tasks, including fixing security bugs. Last year we wrote about our experiences using LLMs to expand vulnerability testing coverage, and we\'re excited to share some updates. Today, we\'re releasing our fuzzing framework as a free, open source resource that researchers and developers can use to improve fuzzing\'s bug-finding abilities. We\'ll also show you how we\'re using AI to speed up the bug patching process. By sharing these experiences, we hope to spark new ideas and drive innovation for a stronger ecosystem security.Update: AI-powered vulnerability discoveryLast August, we announced our framework to automate manual aspects of fuzz testing (“fuzzing”) that often hindered open source maintainers from fuzzing their projects effectively. We used LLMs to write project-specific code to boost fuzzing coverage and find more vulnerabilities. Our initial results on a subset of projects in our free OSS-Fuzz service |
| Envoyé | Oui |
| Condensat | and how if today 160 300 abilities about across advancements against ai: alignment all allowed already also always announced any apace apply approach approaches are aspects august automate automated been before best boost bug bugs build building but c/c++ can categories caught chang cjson code codebases collaborations completely continue continued could coverage creating data detection developer developers development different discover discoverylast does doing dongge drive ecosystem effectively effectiveness encourage engineering engineers ensure exactly example excited expand expanded experiences experiment experiments fantastic far fast find finding fine fix fixes fixing fixingfuzzing framework free from fuzz fuzzed fuzzing gains generate generated generation google guidance had hard harnessing has have help hindered hope hours how human ideas improve improved improvements including increased indefinitely industry initial innovation inspired intakes interested itself jan keep keeping keller last leading learning libplist line liu llm llms long machine maintainers manual many marks measure models more more: most moves need needed new now nowakowski offered often oliver one open optimistic organizations oss other outsince own pace paper patch patched patching pipeline pipelines potential powered process project projects promising prompt prompts read recent recently releasing reliable remained reported research researcher researchers resolved resource resulting results review routine rust safer saif savings scaling secure security seeing selecting service share sharing should show significant similarly since software solution solutions some source sourced spark specific speed step streamline stronger struggle subset such summary sure tangible target targeted targets tasks team teamthe technology test testing than that: them then these those throughout time toll towards translate triaging try tuned two types uncovered undiscovered unexpected unfixed update: updates use used using vertexai very vulnerabilities vulnerability which wide widely without work world write wrote year years you your “fuzzing” |
| Tags | Vulnerability Patching Cloud |
| Stories | |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.