AI cybersecurity is not proof of work: the essential difference in exploiting vulnerabilities
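Antirez points out that comparing AI security to proof of work (PoW) in blockchains is the wrong analogy. PoW relies on a competition of computing resources, whereas exploiting software vulnerabilities is different: LLM execution paths vary, but they are ultimately bounded by the code's state space, and once the attack surface is saturated it is hard to keep breaking through. Even when a model is sampled to find a vulnerability in specific code, its behavior is still constrained by the input distribution and the model's structure, so success cannot be guaranteed through unlimited compute the way it can for hash collisions. AI security threats therefore depend more on intelligence than on brute force.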
The proof of work is the wrong analogy: finding hash collisions, while exponentially harder with N, is guaranteed to find, with enough work, some S so that H(S) satisfies N, so an asymmetry of resources used will see the side with more "work ability" eventually winning.
But bugs are different:
1. Different LLM executions take different branches, but eventually the possible branches based on the code's possible states are saturated.
2. If we imagine sampling the model for a bug in a given code M times, with M large, eventually the cap becomes not "M" (because of saturated state of the code AND the LLM sampler meaningful paths), but "I", the model intelligence level.
The OpenBSD SACK bug easily shows that: you can run an inferior model for an infinite number of tokens, and it will never realize(*) that the lack of validation of the start window, if put together with the integer overflow, then put together with the fact the branch where the node should never be NULL is entered regardless, will produce the bug.
So, cyber security of tomorrow will not be like proof of work in the sense of "more GPU wins"; instead, better models, and faster access to such models, will win.
* Don't trust those who say that weak models can find the OpenBSD SACK bug. I tried it myself. What happens is that weak models hallucinate (sometimes casually hitting a real problem) that there is a lack of validation of the start of the window (which is in theory harmless because of the start < end validation) and the integer overflow problem without understanding why they, if put together, create an issue. It's just pattern matching of bug classes on code that looks like it may have a problem, totally lacking the true ability to understand the issue and write an exploit. Test it yourself, GPT 120B OSS is cheap and available.
BTW, this is why with this bug, the stronger the model you pick (but not enough to discover the true bug), the less likely it is it will claim there is a bug. Stronger models hallucinate less, so they can't see the problem in any side of the spectrum: the hallucination side of small models, and the real understanding side of Mythos.
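The contrast argued above, as an added illustration that is not from the original post: a hash search that always succeeds given enough tries, next to a constructed toy sampler whose distinct findings saturate at what the model's level can reach. The `FINDINGS` table, its depth values and the `level` parameter are assumptions made for the example, not measurements of any model.

```python
import hashlib
import random

def pow_search(prefix: bytes, n_bits: int, max_tries: int = 1 << 24):
    """Find a nonce S with n_bits leading zero bits in SHA-256(prefix || S).

    Each try succeeds with probability 2**-n_bits, so more work always
    pushes the success probability toward 1."""
    target = 1 << (256 - n_bits)
    for nonce in range(max_tries):
        digest = hashlib.sha256(prefix + nonce.to_bytes(8, "big")).digest()
        if int.from_bytes(digest, "big") < target:
            return nonce, nonce + 1          # (S, tries spent)
    return None, max_tries

# Constructed toy model (an assumption, not measured data): each finding
# carries the number of facts that must be combined to reach it.
REAL_BUG = "overflow + unvalidated start + NULL node branch"
FINDINGS = {
    "start of window not validated": 1,
    "integer overflow": 1,
    REAL_BUG: 3,
}

def sample_model(level: int, m: int, seed: int = 0) -> set:
    """Sample a model of intelligence `level` M times; return distinct findings.

    The model can only emit findings whose depth is <= level, so the result
    saturates at the reachable set however large M becomes."""
    reachable = [name for name, depth in FINDINGS.items() if depth <= level]
    rng = random.Random(seed)
    return {rng.choice(reachable) for _ in range(m)}

if __name__ == "__main__":
    for n in (8, 12, 16):
        nonce, tries = pow_search(b"constructed-input", n)
        print(f"PoW N={n:2d}: solved after {tries} tries")
    for level in (1, 3):
        for m in (10, 1_000, 100_000):
            found = sample_model(level, m)
            print(f"I={level} M={m:>6}: {len(found)} distinct, "
                  f"real bug found: {REAL_BUG in found}")
```

In the first loop the number of tries grows with N but a solution always turns up; in the second, raising M for the level-1 sampler never adds the combined finding.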