• Jason2357@lemmy.ca
    link
    fedilink
    English
    arrow-up
    4
    ·
    4 days ago

    Indeed. The propaganda around these new AI models was that they were so dangerous that they would break the security of everything.

    Turns out the biggest issues were a couple of user privlidge execution vulnerabilities? I guess that is testiment to the actual human effort that went into everything.

    I’m heartened that there hasn’t been any arbitrary code remote execution vulnerabilities that would have actually caused major problems.

    We have known for a while that user security is only one layer and shouldn’t be relied on 100%. Thats precisely why people run anything remotely dangerous in a VM, not just as an unprivilidged user. If you are running a service in docker, sure this is bad, but only catastrophic if the service also has a vulnerability allowing remote execution AND that machine has access to something else sensitive.