Generative AI and Code Security — recent developments as of June 2025
Going through several recent developments on how Generative AI is doing with code security, including a research paper, a couple of bugs and their implications, and responding to a blog post that went semi-viral.
Wrapping up with a discussion about what I think that all means for programmers going forward.
Trying something new in terms of format for the new channel - let me know what you think.
My guess is that, if I get this format down and people like it, I'll be able to get more videos out than using my old method (although I have no plans to change the @InternetOfBugs channel format).
I wrote and shot a 15-minute version of this video that looks more like my regular videos - overlaying the text from this one from time to time. Honestly, I think I like this better (although I think I could make that format work with some iteration).
Links from the video:
// Why SQL parameterization isn't sufficient by itself
// These are both bugs in PostgreSQL from the last 6 months or so:
https://www.armosec.io/blog/cve-2025-1094-postgresql-sql-injection-vulnerability/
https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis
// The Heartbleed bug I use as an example
https://www.csoonline.com/article/562859/the-heartbleed-bug-how-a-flaw-in-openssl-caused-a-security-crisis.html
// AI Slop Bug report against cURL
https://www.theregister.com/2025/05/07/curl_ai_bug_reports/
https://www.youtube.com/watch?v=xy-u1evNmVo [AI generated bug reports]
https://hackerone.com/reports/3125832?trk=public_post_comment-text [CURL bug report]
// AI Slop bug reports coming to a GitHub repo near you
https://github.blog/changelog/2025-05-19-creating-issues-with-copilot-on-github-com-is-in-public-preview/
https://github.com/orgs/community/discussions/159749
// AI finds a zero day
https://www.youtube.com/watch?v=jDimK-89rfw [AI Finds Zero Day]
https://sean.heelan.io/2025/05/22/how-i-used-o3-to-find-cve-2025-37899-a-remote-zeroday-vulnerability-in-the-linux-kernels-smb-implementation/
// "A heartfelt provocation about AI-assisted programming"
https://fly.io/blog/youre-all-nuts/
// Report from beginning of the video on AI generated code safety
https://cset.georgetown.edu/publication/cybersecurity-risks-of-ai-generated-code
// RCE in LangFlow
https://www.youtube.com/watch?v=T2nBvNBzrP8
https://horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/
https://www.cve.org/CVERecord?id=CVE-2025-3248
https://github.com/langflow-ai/langflow/pull/6911/files#diff-d9def96060baafdd0ed2a7d2359ff0cf59bbcd31d500b50f82d9ce658d2ca42eR14
// Quote about how debugging is harder than writing the code the first time
https://www.laws-of-software.com/laws/kernighan/
00:00 Intro to New Video Format
01:34 CSET Report: Cybersecurity Risks of AI-Generated Code
04:54 People's beliefs in AI are nowhere near reality
15:39 AI Slop False Bug Reports
20:43 Responding to: "My AI Skeptic Friends Are All Nuts"
51:44 AI Finds remote Zero-day in Linux Kernel
57:42 What does all this mean for programmers the next few years?
Video "Generative AI and Code Security — recent developments as of June 2025" from the channel Spec Again: Reinventing Modern Software Careers
Video information
June 16, 2025, 23:00:21
01:06:33