Here's the attack story I use when I need to explain AI code backdoors to sceptical engineers. A developer needed an encryption function. They opened GitHub Copilot, described what they wanted, and accepted the suggestion. The code worked. It passed code review. It went to production. Six months later a security audit found it: AES encryption in ECB mode — the mode that produces identical ciphertext for identical plaintext blocks, making patterns in the plaintext visible in the ciphertext. The…
No comments:
Post a Comment