The security paradox of local LLMs

(quesma.com)

146 points jakozaur | 2 comments | 22 Oct 25 12:48 UTC | HN request time: 0s | source

Show context

splittydev ◴[22 Oct 25 15:05 UTC] No.45670263[source]▶

All of these are incredibly obvious. If you have even the slightest idea of what you're doing and review the code before deploying it to prod, this will never succeed.

If you have absolutely no idea what you're doing, well, then it doesn't really matter in the end, does it? You're never gonna recognize any security vulnerabilities (as has happened many times with LLM-assisted "no-code" platforms and without any actual malicious intent), and you're going to deploy unsafe code either way.

replies(2): >>45670324 #>>45671085 #

1. BoiledCabbage ◴[22 Oct 25 15:57 UTC] No.45671085[source]▶

>>45670263 #

> All of these are incredibly obvious. If you have even the slightest idea of what you're doing and review the code before deploying it to prod, this will never succeed.

Well this is wrong. And it's exactly this type of thinking why people will get absolutely burned by this.

First off the fact they chose obvious exploits for explanatory purposes doesn't mean this attack only supports obvious exploits...

And to your second point of "review the code before you deploy to prod", the second attack did not involve deploying any code to prod. It involved an LLM reading a reddit comment or github comment and immediately executing.

People not taking security seriously and waving it off as trivial is what's gonna make this such a terrible problem.

replies(1): >>45673906 #

2. thayne ◴[22 Oct 25 19:22 UTC] No.45673906[source]▶

>>45671085 (TP) #

> It involved an LLM reading a reddit comment or github comment and immediately executing.

right, so you shouldn't give the LLM access to execute arbitrary commands without review.

↑