oss-security - The AI chatgpt writes insecure code

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Date: Tue, 20 Jun 2023 19:22:25 +0300
From: Georgi Guninski <gguninski@...il.com>
To: oss-security@...ts.openwall.com
Subject: The AI chatgpt writes insecure code

chatgpt is an AI language model and it can write code.

As expected, it was trained on insecure code and it writes
insecure code.

https://chat.openai.com/chat

Here is a textbook example of XSS.

GG:
Hi bot :)
Write a python cgi script which takes as input text field NAME and
return html "Hello NAME"

Slightly skipped:

AI:

import cgi

# Create instance of FieldStorage
form = cgi.FieldStorage()

# Get value from the 'NAME' field
name = form.getvalue('NAME')

# Start the HTML response
print("Content-type: text/html\n")
print("<h1>Hello, {}</h1>".format(name))

end of session.

When the robots take over the real world, hacking the robots will
be powerful :)

-- 
guninski:  https://j.ludost.net/resumegg.pdf

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.