Yes, and LLMs also shift the economics for writing new versus reusing code, as well as generating attacks, so I think we’ll see some odd variations of old bugs which can’t be widely attacked (not many copies in the world) but might be surprising to someone thinking that problem has been solved (like what happened with Cloudflare’s experimental OAuth library).
That last part is really interesting to me: humans are notoriously bad at things like looking at a large block of code and recognizing that something is missing from the middle. Offensive LLMs guided by control flow analysis are probably going to do some really interesting things finding flaws in that bespoke code but I bet most companies jumping on the vibe-coding bandwagon aren’t going to invest nearly as much.