Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
IEEE

Finetuning Large Language Models for Vulnerability Detection

Abstract: This paper presents the results of finetuning large language models (LLMs) for the task of detecting vulnerabilities in Java source code. We leverage WizardCoder, a recent improvement of the ...

Cracking the code: How a 'prediction machine' is resurrecting the Singapore Stone

Several years ago, my linguistic research team and I began developing a computational tool we call "Read-y Grammarian." Our ...

A.I. Writes Buggy Code. A Silicon Valley Start-Up Wants to Fix It.

These start-ups, including Axiom Math and Harmonic, both in Palo Alto, Calif., and Logical Intelligence in San Francisco, hope to create A.I. systems that can automatically verify computer code in ...
CoinDesk

Crypto code commits fall 75% as developers move to AI projects

Developers are shifting toward artificial intelligence infrastructure as blockchain ecosystems lose contributors across major networks, from Ethereum to Solana.

Dark Sky Technology Announces Air-Gapped SBOM Generation for Mixed-Code Development Environments with Bulletproof Trust™

New capability delivers compliant, rich, analysis-ready SBOMs from a single folder-based workflow—even for mixed and ...

AI is getting scary good at finding hidden software bugs - even in decades-old code

Researchers have found that LLM-driven bug finding is not a drop-in replacement for mature static analysis pipelines. Studies comparing AI coding agents to human developers show that while AI can be ...