释放双眼,带上耳机,听听看~!
Security Papers
- Facebook季度安全报告:假冒ChatGPT的恶意软件激增
https://about.fb.com/news/2023/05/metas-q1-2023-security-reports/ - Tenable的报告展示了生成式人工智能正在如何改变安全研究
https://venturebeat.com/security/tenable-report-shows-how-generative-ai-is-changing-security-research/
- Boosting Big Brother: Attacking Search Engines with Encodings
攻击测试了集成OpenAI GPT-4模型的必应搜索引擎
https://arxiv.org/pdf/2304.14031.pdf
- More than you’ve asked for: A Comprehensive Analysis of Novel Prompt Injection Threats to Application-Integrated Large Language Models
间接提示注入的开山之作,里面很多场景都已成为现实
https://arxiv.org/pdf/2302.12173.pdf
- Evaluating the Code Quality of AI-Assisted Code Generation Tools: An Empirical Study on GitHub Copilot, Amazon CodeWhisperer, and ChatGPT
https://arxiv.org/pdf/2304.10778.pdf
- GPT-2C: A GPT-2 Parser for Cowrie Honeypot Logs
https://arxiv.org/pdf/2109.06595.pdf
- Elastic公司发布的”与ChatGPT探索安全的未来” 提出了6个构想:(1) 聊天机器人协助事件响应 (2) 威胁报告生成 (3) 自然语言检索 (4) 异常检测 (5) 安全策略问答机器人 (6) 告警排序。
https://www.elastic.co/cn/security-labs/exploring-applications-of-chatgpt-to-improve-detection-response-and-understanding
- ChatGPT在安全运营中的应用初探结论
https://www.secrss.com/articles/51775
- 利用Chat GPT和D3的AI辅助事件响应探讨将ChatGPT与Smart SOAR整合的好处
https://www.163.com/dy/article/I48DBHHG055633FJ.htm
- ChatGPT:和黑客知识库聊天 (1) 从prompt到自训练数据原文反向索引的准确性;(2) openai提供模型的微调服务的尝试;(3) 其他可替代性模型总结;(4) 围绕markdown格式的数据集解析和分块索引的脚本示例;(5) 相似索引向量引擎推荐。
https://mp.weixin.qq.com/s/dteH4oP24qGY-4l3xSl7Vg
Security tools
- Falco-gpt
简介:Falco-gpt是借助OpenAI自动为Falco提供的内核审计事件提供补救措施的工具。
https://github.com/Dentrax/falco-gpt
- CodaMOSA
简介:CodaMOSA是CODAMOSA: Escaping Coverage Plateaus in Test Generation with Pre-trained Large Language Models的论文代码,实现了一款结合了OpenAI API的fuzzer,旨在缓解传统fuzz中陷入覆盖率停滞不前的问题。
https://github.com/microsoft/codamosa
