Submitted 5 days ago by monetaryabyss@lemmy.linuxuserspace.show to news@lemmy.linuxuserspace.show
Maybe if they took security even remotely seriously and made a functioning sandbox (that apps can’t trivially opt themselves out of), we wouldn’t have to care whether an app was AI generated or not.
Yes, containers/sandboxes have vulnerabilities that really clever attackers can exploit, but AI generated slop can’t.
took security even remotely seriously
There’s a reason they’re at SLSA1 . And this is it.
Plot twist: SLSA4 has been achievable since like 1998. Sit DOWN, Debian.
Yes, containers/sandboxes have vulnerabilities that really clever attackers can exploit, but AI generated slop can’t.
Wait are you suggesting that AI slop code can’t have vulnerabilities? Cause… that’s hilariously not even remotely true. It’s a huge issue in SecOps, it was even an issue in the past when humans didn’t have a “easy” button and every vibe coder dumped commits. It’s way worse now because a lot of the vibe coded shit isn’t checked, and the people who produce it have no clue what the fuck it does in the first place.
Wait are you suggesting that AI slop code can’t have vulnerabilities?
I think they mean “containers can have security vulnerabilities, but you need to be cleaver to exploit them, AI slop is not clever enough to exploit those vulnerabilities”
Speaking broadly: Plenty of other issues or security vulnerabilities can exist that a good sandbox won’t catch. Like software can insecurely store and transmit passwords, have bad randomness for something security sensitive, secretly be mining crypto behind the scenes and burn through battery/electricity, etc.
hperrin@lemmy.ca 5 days ago
That’s some good news.