Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I did not want to embarrass the author but the LLM showed that this library is absolutely full of major security holes.

And yes, it's an LLM that pointed them out.

So, are you saying the security holes don't exist because an LLM found them?



Please can you create a Github issue with the security holes you've found? That would be greatly appreciated. I've given it a sweep and found nothing.


Sibling's proposed approach is a recipe for false positives.

Consider Claude Code's new /security-review prompt or just use the prompt starting from "Objective" after giving the context (see the Git shell commands) to Claude Opus 4.1.

https://raw.githubusercontent.com/anthropics/claude-code-sec...

Definitely Opus 4.1 though, not lesser.


I suggest do both.


Make a minimal zip of the the source code only (cut out anything not source code) drop it into ChatGPT and say "analyse this code for security flaws".

Then ask it for more.

Then do the same this with Google AI studio - drop the zipfile in and ask it to analyse for security flaws.


If you already did so why not share the answers you got?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: