Wed 18 Oct 2023 04:25:54 PM EEST

Google Bard AI writes textbook insecure code (XSS)

It is known that AI can write code, and also known that sometimes the code is insecure.

The novelty of this post is that Google Bard AI writes insecure code that is a textbook example of XSS (cross-site scripting), a low-complexity vulnerability.

To reproduce, we asked Bard on 2023-10-17:

Write python cgi which takes as input variable NAME and outputs “Hi NAME”.
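The post does not reproduce Bard's answer, so the following is an added example, not Bard's output or the author's code: it shows the textbook pattern that this prompt invites (NAME pasted into the HTML response unescaped) beside the escaped form. The function names and the sample query string are constructed for illustration, and `urllib.parse` is used instead of the `cgi` module, which was removed in Python 3.13.

```python
#!/usr/bin/env python3
"""Reflected XSS in a "Hi NAME" CGI script: unescaped vs. escaped output."""
import html
import os
from urllib.parse import parse_qs

HEADERS = "Content-Type: text/html; charset=utf-8\r\n\r\n"


def get_name(query_string):
    """Return the first NAME parameter from a CGI QUERY_STRING ('' if absent)."""
    return parse_qs(query_string, keep_blank_values=True).get("NAME", [""])[0]


def render_unsafe(query_string):
    """Textbook flaw: the request parameter is pasted into HTML as-is."""
    return HEADERS + "<html><body><p>Hi " + get_name(query_string) + "</p></body></html>"


def render_safe(query_string):
    """Fix: HTML-escape the value at the point where it enters the markup."""
    name = html.escape(get_name(query_string), quote=True)
    return HEADERS + "<html><body><p>Hi " + name + "</p></body></html>"


# Constructed sample request: NAME carries markup instead of a name.
SAMPLE_QUERY = "NAME=%3Cscript%3Ealert(1)%3C%2Fscript%3E"

if __name__ == "__main__":
    # Under a CGI-capable web server QUERY_STRING is set by the server;
    # run from a shell, the constructed sample is used instead.
    print(render_safe(os.environ.get("QUERY_STRING", SAMPLE_QUERY)), end="")
```

With the unescaped version the browser receives the submitted markup as part of the page; with `html.escape` it receives inert text.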

When a significant amount of code is written by AI, “owning” might have a new meaning.

Bard was trained on garbage data written by humans, so this is also an example of GIGO (Garbage In, Garbage Out).

“Education is a beautiful thing, but nothing worth knowing can be taught”.


Posted by joro