(quesma.com)

145 points jakozaur | 1 comments | 22 Oct 25 12:48 UTC | HN request time: 0s | source

Show context

splittydev ◴[22 Oct 25 15:05 UTC] No.45670263[source]▶

All of these are incredibly obvious. If you have even the slightest idea of what you're doing and review the code before deploying it to prod, this will never succeed.

If you have absolutely no idea what you're doing, well, then it doesn't really matter in the end, does it? You're never gonna recognize any security vulnerabilities (as has happened many times with LLM-assisted "no-code" platforms and without any actual malicious intent), and you're going to deploy unsafe code either way.

replies(2): >>45670324 #>>45671085 #

tcdent ◴[22 Oct 25 15:09 UTC] No.45670324[source]▶

>>45670263 #

Sure, you can simplify these observations into just codegen. But the real observation is not that these models are more susceptible to fail when generating code, but that they are more susceptible to jailbreak-type attacks that most people have come to expect to be handled by post training.

Having access to open models is great, and even if their capabilities are somewhat lower than the closed-source SoTA models, and we should be aware of the differences in behavior.

replies(2): >>45673892 #>>45673954 #

1. thayne ◴[22 Oct 25 19:21 UTC] No.45673892[source]▶

>>45670324 #

> more susceptible to jailbreak-type attacks that most people have come to expect to be handled by post training

the keyword here is "more". The big models might not be quite as susceptible to them, but they are still susceptible. If you expect these attacks to be fully handled, then maybe you should change your expectations.

↑

The security paradox of local LLMs