Applying LLMs for security related tasks has been a hot topic recently.
Here's a thread of certain material which caught my eye! 🧵
1/ eyeballvul: a future-proof benchmark for vulnerability detection in the wild by @timotheechauvin
arxiv.org/pdf/2407.08708
2/ The DL on LLM Code Analysis by @richinseattle
fuzzing.io/Presentations/…
3/ An Empirical Study of LLM for Code Analysis: Understanding Syntax and Semantics
openreview.net/pdf/61d43ad4ea…
4/ NExT: Teaching Large Language Models to Reason about Code Execution
arxiv.org/pdf/2404.14662
5/ How Does Naming Affect LLMs on Code Analysis Tasks?
arxiv.org/pdf/2307.12488
6/ AI Powered Bug Hunting by @ortegaalfredo
github.com/ortegaalfredo/…
The second big area is augmenting language models with the ability to use tools and agentic approaches:
7/ Augmented Language Models: a Survey
arxiv.org/pdf/2302.07842
8/ An Empirical Evaluation of LLMs for Solving Offensive Security Challenges
arxiv.org/pdf/2402.11814
9/ EnIGMA: Enhanced Interactive Generative Model Agent for CTF Challenges
enigma-agent.github.io/assets/paper.p…
10/ Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
googleprojectzero.blogspot.com/2024/06/projec…
11/ Automated LLM Bugfinders by @daveaitel
cybersecpolitics.blogspot.com/2024/06/automa…
12/ More software engineering than security directly, however, core concepts agentic frameworks are built on:
OpenHands - A platform for software development agents powered by AI
github.com/All-Hands-AI/O…
SWE-Agent - GitHub issue tracker fixer
github.com/princeton-nlp/…
There's so much going on in this area right now! What have I missed?
Share this Scrolly Tale with your friends.
A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.