Dan Goodin@dangoodin@infosec.exchange
Companies are touting new AI-based vulnerability detection tools by citing results from experiments. Yesterday it was Google (https://bsky.app/profile/argv.bsky.social/post/3lvliu2txfc2u), and today it's Microsoft (https://www.microsoft.com/en-us/research/blog/project-ire-autonomously-identifies-malware-at-scale/). I'm still trying to devise good questions to ask when I see these sorts of things. If the results are noteworthy, I want to report them. If they're hype or misleading, I want to call them out. For now, this is a work in progress.