Now that AI has become the main tool used by developers to write code, even in open source environments, it will be how feds will slip in backdoors to applications because nobody is going to review the logic of 20000 lines written by AI in a single commit.

Unless projects completely ban use of AI and only allow small commits, this is going to be inevitable. I’ve been seeing so many applications merging AI slop to their code on github already.

  • chgxvjh [he/him, comrade/them]@hexbear.net
    link
    fedilink
    English
    arrow-up
    3
    ·
    14 days ago

    If the devs keep logs of their AI usage, they may be able to prove that the AI injected the backdoor. Then the news propagates through the tech sphere and out to the wider media. Devs then face pressure to stop using that model.

    Are we talking about LLMs being intentionally built to introduce backdoors despite the LLM user intentions or are we talking about attackers using LLMs to write their backdoors?

    The first seems less likely. The second wouldn’t really be blamed on the LLM, at least not in a way that leads to the LLM being shunned by people that otherwise support the use of LLMs.

    If we are talking about LLMs introducing backdoors despite the intentions of the LLM user, that might be targeted to specific projects.