Large Language Models (LLMs) have opened up the floodgates for a whole new generation of security tooling. One of the most obvious applications is automatic discovery of vulnerabilities, which so far has had extremely mixed results. Can LLMs “get good” at vulnerability discovery? In this talk, we cover our approach to the problem, going into all the successes and failures along the way. Finally, we will be tool dropping VulnHuntr, which implements our approach to using LLMs for discovering vulnerabilities through static code analysis, along with presenting a number of 0days that were found by it.
microwave (Dan McInerney) was a professional hacker and open source tool developer for a decade, pentesting Fortune 500 properties before leaning into machine learning engineering 4 years ago. The combination of those skills has led to the discovery of 11 CVEs in the AI domain...
byt3bl33d3r (Marcello Salvati) has seen some shit and done some shit, but the shit ain’t nothin’ to him man. If you’re interested in deets, ask. He likes talking to people, come talk to him if you want 😄
Thursday February 6, 2025 1:00pm - 1:50pm MST
Penrose