Comment by alganet a day ago

1 reply

The argument is that these high-quality security analyzers seem to use AI as a triage mechanism, and the quality of the analysis is still capped by the quality of the static analysis tool.

One of the tools provides a whitepaper, which you can read here:

https://corgea.com/blog/whitepaper-blast-ai-powered-sast-sca...

It seems to explicitly put AI in this coadjuvant role, contradicting the HN title "found by AI".

Neither I nor the other commenter actually dismissed AI as useless. I can't speak for him, but to me, it seems actually useful in this arrangement. However, not "I'll pay for a subscription" levels of useful.

Since it's just triage, it seems that trying to reproduce the idea using free tools might be worth a shot (and that's the idea of finding out where the AI component lies in the system). What I said is very doable (plug the output of traditional tools into vanilla coding LLM prompts). It also looks a lot like this Corgea schematic:

https://framerusercontent.com/images/EtFkxLjT1Ou2UTPACObJbR2...

I mean, it's very brave to explain a downvote, but in this case, it seems that you missed the opportunity to make sense.
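As an added illustration of the pipeline the comment sketches (this is not code from the commenter or from Corgea), a small Python script that parses SARIF output from a conventional SAST tool, ranks the findings by severity, and renders the top ones into a triage prompt for a generic LLM. The SARIF sample, rule ids and file names are constructed for the example, and the LLM call itself is left out.

```python
import json

# Constructed SARIF 2.1.0 excerpt shaped like SAST tool output; rule ids, paths and messages are made up.
SAMPLE_SARIF = json.dumps({
    "runs": [{
        "tool": {"driver": {"name": "example-sast"}},
        "results": [
            {"ruleId": "sqli.tainted-query", "level": "error",
             "message": {"text": "User input reaches SQL query"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/db.py"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "style.unused-import", "level": "note",
             "message": {"text": "Unused import"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/util.py"},
                 "region": {"startLine": 3}}}]},
        ]
    }]
})

SEVERITY_RANK = {"error": 0, "warning": 1, "note": 2, "none": 3}

def parse_sarif(text):
    """Flatten SARIF results into dicts, most severe first (the static tool's verdict drives ordering)."""
    findings = []
    for run in json.loads(text).get("runs", []):
        tool = run.get("tool", {}).get("driver", {}).get("name", "unknown")
        for r in run.get("results", []):
            loc = (r.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append({
                "tool": tool,
                "rule": r.get("ruleId", "?"),
                "level": r.get("level", "warning"),
                "file": loc.get("artifactLocation", {}).get("uri", "?"),
                "line": loc.get("region", {}).get("startLine", 0),
                "message": r.get("message", {}).get("text", ""),
            })
    return sorted(findings, key=lambda f: SEVERITY_RANK.get(f["level"], 3))

def build_triage_prompt(findings, source_lookup, max_findings=20):
    """Render top findings with their code line into a prompt; source_lookup(file, line) reads the repo."""
    lines = ["You are triaging static-analysis findings. For each one, say whether it is",
             "likely a true positive, a false positive, or needs a human, with one reason.", ""]
    for i, f in enumerate(findings[:max_findings], 1):
        lines.append(f"{i}. [{f['level']}] {f['rule']} at {f['file']}:{f['line']}")
        lines.append(f"   tool message: {f['message']}")
        lines.append(f"   code: {source_lookup(f['file'], f['line'])}")
    return "\n".join(lines)
```

The resulting prompt string is what would be sent to whatever coding LLM is at hand; the model only ever sees what the static analyzer already found.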