Richard Johnson

Richard Johnson is a computer security specialist with a focus on fuzzing and software vulnerability analysis. Currently Principal Security Researcher for Eclypsium, a platform security company, and owner of FUZZING IO, a research and development company offering professional training and consulting services, Richard offers over 20 years of professional expertise and leadership in the information security industry. Previously Richard was Director of Security Research at Oracle Cloud and held Research Lead roles at Trellix, Cisco Talos, and Microsoft. Richard has delivered training and presented annually at premier industry conferences for over 20 years, including Black Hat, Defcon, RECON, CanSecWest, and many more.


Sessions

06-27
15:00
50min
The DL on LLM Code Analysis
Richard Johnson

Welcome to the New World Order, the Age of Artificial Intelligence, the unavoidable evolution of technology that is here to assimilate human knowledge in its natural language form! You've parleyed with the perceptrons, you've dreamed deeply with Dall-E, but how do we harness this emerging capability to perform security analysis tasks such as looking for vulnerabilities and malware in source or binaries? In this hour I will give you the down low download of deep learning applications for code analysis!

We will review successes and failures in research applying LLMs to code analysis tasks and discuss how to evaluate models and create your own dataset for evaluation, training, and tuning prompting for better results. Finally we will conclude with a brief discussion of the threat landscape when deploying LLMs in production including multiple new vulnerabilities discovered during the course of this research.

Talks - Prime Dome
Prime Dome