Terci, 8 months ago

@bagder Technically, all LLM answers are hallucinations... It's just as much a coincidence that sometimes they are correct as they are incorrect.

lewiscowles1986, 8 months ago

@bagder
can you ban a user for that?

bagder, 8 months ago

@lewiscowles1986 I'm sure I can. And if it repeats I will.

noxypaws, 8 months ago

@bagder "the Bard"

snail, 8 months ago

@bagder Which issue number is this? I wanted to read it for amusement value but can't spot it

bagder, 8 months ago

@snail it was submitted as a security problem over at hackerone and we have not disclosed it, simply because its not worth spending time on

snail, 8 months ago

@bagder Fair enough, and that makes a lot more sense in hindsight than submitting "security issues" on public GitHub!

Really hope this doesn't become a trend though😞

MontgomeryGator, 8 months ago

@bagder No, there's a flaw there. It's just not in curl, it's in users.

It's a whole new level of threat, one that comes from an attacker that can social engineer users into doing harm without itself being malicious or even sentient.

Can we CVE users?

matunos, 8 months ago

@bagder maybe they should ask Bars for the definition of "replicate"

editer, 8 months ago

@bagder "It's basically any straight guy in a bar."

QuatermassTools, 8 months ago

@bagder “Fuck off and die, AI”

icecoldsquirrel, 8 months ago

@bagder this even managed to appear on Fefes Blog

https://blog.fefe.de/?ts=9bdbf6c1

andrei_chiffa, 8 months ago

@bagder FFS

Newk, 8 months ago

@bagder

Maybe it knows something! :thinking:​

harrysintonen, 8 months ago

@bagder

fridgehead, 8 months ago

@bagder when we recruit we send the interviewee a bunch of code puzzles (no pressure to complete them but works in their favour if they do some). Guess how long it was before we started seeing chatgpt answers?

arunmani, 8 months ago

@bagder "README.md typo MR" makers after meeting "ChatGPT-powered MR" makers:
Finally a worthy opponent!

mort, 8 months ago

@bagder The fact that people think of asking these chat bots as "search" is so terrifying and 100% on the search engine companies who have positioned AI chat as part of their search engine.

Khalic, 8 months ago

@bagder them calling it “the bard” is icing on the cake

synlogic, 8 months ago

@Khalic @bagder not even a bard. but The Bard

KHoos, 8 months ago

@bagder ugh, wading through nonsense like this with maybe something real hiding in the new reports

tymwol, 8 months ago

@bagder "closed as hallucinated"

jan, 8 months ago

@bagder I hope this isn't a sign of things to come... We'll be wasting a lot of time.

bagder, 8 months ago

@jan I'm pretty sure this will get worse before it can get better - and I bet in future reports they will hide the fact it came straight from AI better...

benbe, 8 months ago

@bagder @jan You are assigning those people too much credit …

JungleGeorge24, 8 months ago

@bagder "searched in the Bard" 😭😂😂😂💀

bagder, 8 months ago

@JungleGeorge24 I considered it wiser to not dig too deep into the details behind this...

sebsauvage, 8 months ago

@bagder
Duh. :facepalm:

GossiTheDog, 8 months ago

deleted_by_author

timhaines, 8 months ago

@GossiTheDog @bagder please no

GossiTheDog, 8 months ago

deleted_by_author

dascandy42, 8 months ago

@GossiTheDog @timhaines @bagder There should almost be a fine for people knowingly submitting false or AI generated reports.

bagder, 8 months ago

@dascandy42 @GossiTheDog @timhaines fortunately, at least on hackerone, there's a "reputation" for the hacker that gets a dent when they do this.

dascandy42, 8 months ago

@bagder @GossiTheDog @timhaines I typed "almost", because this is going to create a situation similar to StackOverflow, where new users are almost unable to report anything.

bagder, 8 months ago

@dascandy42 @GossiTheDog @timhaines yeah, that would not be good either! ☹️

ascherbaum, 8 months ago

@GossiTheDog @timhaines @bagder Can you charge these people instead, if the claim turns out to be bogus? After all, they wasted your time and did not do any research on their own.

dcoderlt, 8 months ago

@GossiTheDog
“Hey Siri, make me look smart”

bagder, 8 months ago

@GossiTheDog @timhaines it is fine as long as that they mention "AI", "Bard" or similar early on in the report so that we can discard it quicker. =)

gabriel, 8 months ago

@bagder @GossiTheDog @timhaines I would tell them next time to ask the Bard to write about the issue talking like a pirate, so that at least you can laugh before blocking them to death.

anonymous, 8 months ago

@bagder @GossiTheDog @timhaines
Careful. #bruceschneier wrote in #ahackersmind that there are AIs playing Hacker-CTF including finding and exploiting vulnerabilities. He guesses that AI will routinely beat humans in less than a decade. So current popular LLMs may not be capable to find vulnerabilities and maybe never will be, but other AIs probably will be. And that would change the game.
https://en.wikipedia.org/wiki/2016_Cyber_Grand_Challenge

bagder, 8 months ago

@anonymous @GossiTheDog @timhaines "less than a decade" still allows us quite a long time to keep being snarky when people fail to apply common sense to their weird LLM outputs...

anonymous, 8 months ago

@bagder @GossiTheDog @timhaines
He he. Yes. Still interesting to see. And there is at least one commercial product in this area already. https://www.mayhem.security/