A sysop knight defends his server kingdom from the onslaught of the AI hordes


Alex Rice, co-founder, CTO, and CISO of HackerOne, stated in a press release to Ars that reports containing “hallucinated vulnerabilities, imprecise or incorrect technical content material, or different types of low-effort noise” are handled as spam and subject to enforcement.

“We consider AI, when used responsibly, is usually a highly effective instrument for researchers, enhancing productiveness, scale, and impression,” Rice stated. “Innovation on this house is accelerating, and we help researchers who use AI to enhance the standard and effectivity of their work. Overall, we’re seeing an aggregate increase in report quality as AI helps researchers deliver readability to their work, particularly the place English is a second language.”

“The secret’s making certain that AI enhances the report rather than introducing noise,” Rice stated. “Our purpose is to encourage innovation that drives higher safety outcomes, whereas holding all submissions to the identical excessive requirements.”

“Extra instruments to strike down this conduct”

In an interview with Ars, Stenberg stated he was glad his post—which generated 200 comments and nearly 400 reposts as of Wednesday morning—was getting round. “I am tremendous joyful that the problem [is getting] consideration in order that presumably we will do one thing about it [and] educate the viewers that that is the state of issues,” Stenberg stated. “LLMs cannot discover safety issues, at least not like they’re getting used right here.”

This week has seen 4 such misguided, clearly AI-generated vulnerability reports seemingly in search of either fame or bug bounty funds, Stenberg stated. “One way you can tell is it is always such a pleasant report. Pleasantly phrased, excellent English, well mannered, with good bullet-points … an odd human never does it like that in their first writing,” he stated.