RVAsec 13

Are LLMs a revolutionary leap forward for security research—or just spicy auto-complete?

The truth lies somewhere in between. This talk cuts through the hype and offers a practical perspective that’s grounded in real-world analysis of critical bugs in widely used products. We’ll walk through our process of harnessing large language models (LLMs) for patch-diffing in the context of N-day vulnerability research. Given a vague security advisory and some complicated code diffs, can an LLM get you closer to finding the right spot in the code to dig deeper? Which models work best for this task, and why? Let’s ditch the theory and get our hands dirty with iterative experimentation. Whether you’re a seasoned pentester, applied researcher, or budding practitioner, you'll take away tactical lessons for incorporating AI into your security toolkit.