Talk Intermediate 12:00 - 12:30 August 09, 2025

Mackenzie

In this presentation, we reveal how we used LLMs to discover 900 vulnerabilities in popular open-source tools that were patched but never disclosed. We also show how we caught and watched the North Korean APT Lazarus debug a supply chain attack in real time, and how we discovered that the official Ripple (XRP) cryptocurrency SDK had been backdoored.

We started a multi-year research project to identify novel use cases for LLMs in supply chain security. The research focuses on two approaches:

  1. Using public changelogs to identify when security issues were patched but never disclosed
  2. Using LLMs to identify malware in public packages on NPM

The presentation covers both the technical details of our system and how we use out-of-the-box frontier models, as well as taking deep dives into some of the more interesting findings.

Mackenzie

Developer and security advocate

Mackenzie is a developer advocate with a passion for DevOps and code security. As the co-founder and former CTO of a health tech startup, he learnt first-hand how critical it is to build secure applications with robust developer operations. Today as the Developer Advocate at GitGuardian, Mackenzie is able to share his passion for code security with developers and works closely with research teams to show how malicious actors discover and exploit vulnerabilities in code.