every current antivirus software has some false positives and some false negatives, that's why sites like virustotal exist. i don't see how this is any different

If an application like `su` had a privilege escalation bug and someone came on HN and suggested that you could use antivirus to solve the issue by detecting programs that were going to abuse `su`, they would be rightly downvoted off the page.

The short answer is that in some ways, Lakera's product is actually very similar to antivirus, in the sense that both Lakera's product and antivirus will have false positives and will miss some attacks. Both Lakera's classifier and an antivirus program are similarly inappropriate to suggest as a solution for security-critical applications.

That doesn't mean they're useless, but they're not really applicable to security problems that require fully reliable and consistent mitigations.

Late reply to this -https://news.ycombinator.com/item?id=38233029

But yeah we agree that GPT isn't necessarily doing things like how a human does and that it doesn't necessarily understand things as well as a human.

I guess I just primarily took issue on the use of "Understanding". Understanding is a spectrum, not binary.

In school, in the workplace or whatever, there's a big range of performance and capability even in the range we confess understanding to. We say that both the C and A student(and everyone in-between) have understanding of the material, at least enough to be useful for that domain.

So what can I say, I use the same standard with the machines. It understands chess now, even if not perfectly.