Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
couldn't ai, then also, break code faster than we could fix it ?
I mean, at a high level it is very much the concept of ICE from Gibson et al back in the day.
Intrusion Countermeasures Electronics. The idea that you have code that is constantly changing and updating based upon external stimuli. A particularly talented hacker, or AI, can potentially bypass it but it is a very system/mental intensive process and the stronger the ICE, the stronger the tools need to be.
In the context of AI on both sides? Higher quality models backed by big ass expensive rigs on one side should work for anything short of a state level actor... if your models are good (big ol' "if" that).
Which then gets into the idea of Black ICE that is actively antagonistic towards those who are detected as attempting to bypass it. In the books it would fry brains. In the modern day it isn't overly dissimilar from how so many VPN controlled IPs are just outright blocked from services and there is always the risk of getting banned because your wifi coffee maker is part of a botnet.
But it is also not hard to imagine a world where a counter-DDOS or hack is run. Or a message is sent to the guy in the basement of the datacenter to go unplug that rack and provide the contact information of whoever was using it.
In the context of AI on both sides? Higher quality models backed by big ass expensive rigs on one side should work for anything short of a state level actorβ¦ if your models are good (big olβ βifβ that).
Turns out Harlan Ellison was a goddamn prophet when he wrote I Have No Mouth And I Must Scream.
I have no clue how you think these two are related in any way, except for the word βAIβ occurring in both.
AI WRITES broken code. Exploiting is is even easier.
AI should start breaking code much sooner than it can start fixing it.
Maybe breaking isn't even far, because the AI can be wrong 90% of the time and still be successful.
Genius strategy:
Iβve already had to reverse engineer shitty old spaghetti code written by people who didnβt know what they were doing, so I could fix obscure bugs.
I can wait until I have to do the same thing for AI generated code.
If it's good enough for COBOL...
Ex-CISA head.
Thankfully.
I wonder why they don't work there anymore...
Execs and managers showing Dunning-Kruger in full effect.
At this point, they're just rage baiting and saying random shit to squeeze that bubble before it bursts.
AI is opening so many security HOLES. Its not solving shit. AI browsers and MCP connectors are wild west security nightmares. And that's before you even trust any code these things write.
As usual, the biggest advocates for AI are the ones who understand its limitations the least.
I have worked as a pentester and eventually a Red Team lead before leaving foe gamedev, and oh god this is so horrifiying to read.
The state of the industry was alredy extremely depressing, which is why I left. Even without all of this AI craze, the fact that I was able to get from a junior to Red Team Lead, in a corporation with hundreds of employees, in a span of 4 years is already fucked up, solely because Red Teaming was starting to be a buzz word, and I had passion for the field and for Shadowrun while also being good at presentations that customers liked.
When I got into the team, the "inhouse custom malware" was a web server with a script that pools it for commands to run with cmd.exe. It had a pretty involved custom obfuscation, but it took me lile two engagements and the guy responsible for it to leave before I even (during my own research) found out that WinAPI is a thing, and that you actually should run stuff from memory and why. And I was just a junior at the time, and this "revelation" got me eventually a unofficial RT Lead position, with 2 MDs per month for learning and internal development, rest had to be on engagements.
And even then, we were able to do kind of OK in engagements, because the customers didn't know and also didn't care. I was always able to come up with "lessons learned", and we always found out some glaring sec policy issues, even with limited tools, but the thing is - they still did not care. We reported something, and two years ago they still had the same bruteforcable kerberos tickets. It already felt like the industry is just a scam done for appearances, and if it's now just AIs talking to the AIs then, well, I don't think much would change.
But it sucks. I love offensive security, it was really interresting few years of my carreer, but ot was so sad to do, if you wanted to do it well :(
I tried using AI in my rust project and gave up on letting it write code. It does quite alright in python, but rust is still too niche for it. Imagine trying to write zig or Haskell, it would make a terrible mess of it.
Security is an afterthought in 99.99% of code. AI barely has anything to learn from.
If you're using Hannah Montana Linux you can just open a terminal and type "write me ____ in the language ____" and the Hannai Montanai will produce perfectly working code every time.
Still not sure if joking.
Hannah Montana Linux is serious business. I would never joke about Hannah Montana Linux.
It does quite alright in python
That's cause python is the most forgiving language you could write in. You could drop entire pages of garbage into a script and it would figure out a way to run properly.
SchrΓΆdinger's AI: It's so smart it can build perfect security, but it's too dumb to figure out how to break it.
Ha ha ha ha ha!
Oh wait, you're serious. Let me laugh even harder.
HA HA HA HA HA!
Not with any of the current models, none of them are concerned with security or scaling.
It takes a good person with ~~a gun~~ AI to stop a bad person with ~~a gun~~ AI.
Ah yes, I'm sure AI just patched that software so that other AI could use that patched software and make things so much more secure. What a brilliant idea from an Ex-CISA head.
Because then Security would be non-existent.
The S in AI stands for security.
ahahahaha
Oh, you're serious. Let me laugh even harder.
AHAHAHAHA
Is that why she's Ex-CISA? π€£
Clearly she's never seen AI code.
Fix what code? The code it broke or wrote like shit in the first place?
Ron Howard narrator: Actually, they would need more.
One of the most idiotic takes I've read in a long time
All these brainwashed AI-obsessed people should be required to watch I, Robot on loop for a month or two.
Except that most risks are from bad leadership decisions. Exhibit A: patches exist for so many vulnerabilities that remain unpatched because of bad business decisions.
I think in a theoretical sense, she is correct. However, in practice things are much different.
My old job had so many unpatched servers, mostly Linux ones. Because of the general idea that "Linux is safe anyway". And because of how Windows updates would often break critical infrastructure, so they were staggered and phased.
But we've seen plenty of infected Linux packages since, so it's almost a given there's huge open holes in that security somewhere.
If an AI can be used for automatic scalable defense, it can also be used offensively. It'll just be another digital arms race between blackhats and everyone else.
The look on her face in the thumbnail matches the title perfectly.
Who is paying her?
I just asked an AI what the minimum wage was in 2003 in the UK and it told me that it was Β£4.50 and that on a 40 hour work week, that came out to 18k a year... But sure, trust it to write and fix code...