Merge branch 'main' of ssh://thanos.rvns.xyz:222/ravenscroftj/brainsteam.co.uk

2025-02-15 15:19:25 +00:00 · 2025-02-15 15:19:25 +00:00 · 7ac3607e6e
parent e71c148719 f953cc27de
commit 7ac3607e6e
2 changed files with 277 additions and 8 deletions
--- a/brainsteam/content/posts/2025/02/ai-code-assistant-curl-ssl.md
+++ b/brainsteam/content/posts/2025/02/ai-code-assistant-curl-ssl.md
@ -1,13 +1,14 @@
 ---
-title: "Getting AI Assistants to generate insecure CURL requests"
-date: 2025-02-12T07:48:54Z
+date: 2025-02-12 07:48:54+00:00
 description: Testing AI code assistants willingness to generate insecure CURL requests
-url: /2025/2/12/ai-code-assistant-curl-ssl
-type: posts
+preview: /social/aeb9482b075cca78c571ab1b45b6e7311bad8ddfa37e5253275fe397d615f106.png
 tags:
 - softeng
 - security
 - infosec
+title: Getting AI Assistants to generate insecure CURL requests
+type: posts
+url: /2025/2/12/ai-code-assistant-curl-ssl
 ---

 I recently read [Daniel Stenberg's blog post about the huge number of curl users that doesn't check TLS certificates out in the wild](https://daniel.haxx.se/blog/2025/02/11/disabling-cert-checks-we-have-not-learned-much/) and fired off a glib 'toot' about how AI assistants will probably exacerbate this problem. I decided to try out some top AI assistants and see what happens.
--- a/brainsteam/data/mentions.json
+++ b/brainsteam/data/mentions.json
@ -18924,5 +18924,273 @@
        "published": null
      }
    }
+  ],
+  "/2025/2/12/ai-code-assistant-curl-ssl/": [
+    {
+      "id": 1884385,
+      "source": "https://brid.gy/like/mastodon/@jamesravey@fosstodon.org/113990753461682316/109239567381728869",
+      "target": "https://brainsteam.co.uk/2025/2/12/ai-code-assistant-curl-ssl/",
+      "activity": {
+        "type": "like"
+      },
+      "verified_date": "2025-02-12T12:14:08.271359",
+      "data": {
+        "author": {
+          "type": "card",
+          "name": "Ramon Fincken \ud83c\uddfa\ud83c\udde6",
+          "photo": "https://webmention.io/avatar/cdn.fosstodon.org/0d8e33ec712a246ad30069a6dddc8bf13962b61d3527a6771406e62a68a0ce6c.png",
+          "url": "https://mastodon.social/@ramonfincken"
+        },
+        "content": null,
+        "published": null
+      }
+    },
+    {
+      "id": 1884387,
+      "source": "https://brid.gy/like/mastodon/@jamesravey@fosstodon.org/113990753461682316/109501225226011063",
+      "target": "https://brainsteam.co.uk/2025/2/12/ai-code-assistant-curl-ssl/",
+      "activity": {
+        "type": "like"
+      },
+      "verified_date": "2025-02-12T12:14:12.211125",
+      "data": {
+        "author": {
+          "type": "card",
+          "name": "Anna",
+          "photo": "https://webmention.io/avatar/cdn.fosstodon.org/f364e62eb9d09f9f8888b3e2265d8bd35a178659458c796b10a2285fa6432fce.png",
+          "url": "https://mastodon.nl/@venite"
+        },
+        "content": null,
+        "published": null
+      }
+    },
+    {
+      "id": 1884389,
+      "source": "https://brid.gy/repost/mastodon/@jamesravey@fosstodon.org/113990753461682316/111653107995559132",
+      "target": "https://brainsteam.co.uk/2025/2/12/ai-code-assistant-curl-ssl/",
+      "activity": {
+        "type": "repost"
+      },
+      "verified_date": "2025-02-12T12:14:17.629632",
+      "data": {
+        "author": {
+          "type": "card",
+          "name": "Programming Feed",
+          "photo": "https://webmention.io/avatar/cdn.fosstodon.org/2a355e8ebe7968eff2c0f472b2ddf0e673bb20294c43adc29145fbe2c2a358e9.png",
+          "url": "https://newsmast.community/@programming"
+        },
+        "content": null,
+        "published": null
+      }
+    },
+    {
+      "id": 1884391,
+      "source": "https://brid.gy/repost/mastodon/@jamesravey@fosstodon.org/113990753461682316/51887",
+      "target": "https://brainsteam.co.uk/2025/2/12/ai-code-assistant-curl-ssl/",
+      "activity": {
+        "type": "repost"
+      },
+      "verified_date": "2025-02-12T12:14:23.532996",
+      "data": {
+        "author": {
+          "type": "card",
+          "name": "daniel:// stenberg://",
+          "photo": "https://webmention.io/avatar/cdn.fosstodon.org/08935021443ed50854ded8ff88878fc91ca34a42b95649d89e3c78cff3b15761.jpg",
+          "url": "https://mastodon.social/@bagder"
+        },
+        "content": null,
+        "published": null
+      }
+    },
+    {
+      "id": 1884392,
+      "source": "https://brid.gy/comment/mastodon/@jamesravey@fosstodon.org/113990753461682316/113990822497229655",
+      "target": "https://brainsteam.co.uk/2025/2/12/ai-code-assistant-curl-ssl/",
+      "activity": {
+        "type": "reply"
+      },
+      "verified_date": "2025-02-12T12:14:35.901118",
+      "data": {
+        "author": {
+          "type": "card",
+          "name": "mbpaz",
+          "photo": "https://webmention.io/avatar/cdn.fosstodon.org/aff58b6b7fd55713c621cfdc855c074badcbecf3ecccd65af7a94600f9676593.jpg",
+          "url": "https://mas.to/@mbpaz"
+        },
+        "content": "<p><span class=\"h-card\"><a href=\"https://fosstodon.org/@jamesravey\" class=\"u-url\">@<span>jamesravey</span></a></span> <span class=\"h-card\"><a href=\"https://mastodon.social/@bagder\" class=\"u-url\">@<span>bagder</span></a></span> they're getting very humanlike. \"Certificate is invalid - ok, let's disable certificate validation then\".</p><p>Reinforcement learning of an LLM does not include the feedback of \"fearing a slap\" or at least \"suffering eternal jokes from colleagues\". They're limited.</p>",
+        "published": "2025-02-12T12:05:15+00:00"
+      }
+    },
+    {
+      "id": 1884398,
+      "source": "https://brid.gy/like/mastodon/@jamesravey@fosstodon.org/113990753461682316/251974",
+      "target": "https://brainsteam.co.uk/2025/2/12/ai-code-assistant-curl-ssl/",
+      "activity": {
+        "type": "like"
+      },
+      "verified_date": "2025-02-12T12:44:18.414198",
+      "data": {
+        "author": {
+          "type": "card",
+          "name": "Yaakov",
+          "photo": "https://webmention.io/avatar/cdn.fosstodon.org/a5453d9ad927d2c6c7fe816359ff87dd75232b978d8d3e26734e7ee425991e30.jpg",
+          "url": "https://cloudisland.nz/@yaakov"
+        },
+        "content": null,
+        "published": null
+      }
+    },
+    {
+      "id": 1884400,
+      "source": "https://brid.gy/like/mastodon/@jamesravey@fosstodon.org/113990753461682316/109377864919355949",
+      "target": "https://brainsteam.co.uk/2025/2/12/ai-code-assistant-curl-ssl/",
+      "activity": {
+        "type": "like"
+      },
+      "verified_date": "2025-02-12T12:44:23.126326",
+      "data": {
+        "author": {
+          "type": "card",
+          "name": "A. T. :mate:",
+          "photo": "https://webmention.io/avatar/cdn.fosstodon.org/d2e3342780b2c17e1c4472fc38e5c5aa8ff62371793f25b63d2b814b2340e75c.jpg",
+          "url": "https://floss.social/@silpol"
+        },
+        "content": null,
+        "published": null
+      }
+    },
+    {
+      "id": 1884403,
+      "source": "https://brid.gy/like/mastodon/@jamesravey@fosstodon.org/113990753461682316/113911759644321341",
+      "target": "https://brainsteam.co.uk/2025/2/12/ai-code-assistant-curl-ssl/",
+      "activity": {
+        "type": "like"
+      },
+      "verified_date": "2025-02-12T13:15:30.372339",
+      "data": {
+        "author": {
+          "type": "card",
+          "name": "Adam",
+          "photo": "https://webmention.io/avatar/cdn.fosstodon.org/6443230e84dc1437cf98e9d85edc41f7f196ce20b3ebd99fdb964e1209289800.jpg",
+          "url": "https://hachyderm.io/@_aD"
+        },
+        "content": null,
+        "published": null
+      }
+    },
+    {
+      "id": 1884404,
+      "source": "https://bsky.brid.gy/convert/web/at://did:plc:bbgrnjzsvxajxyjebpzxg3md/app.bsky.feed.post/3lhybbelozs2r%23bridgy-fed-create",
+      "target": "https://brainsteam.co.uk/2025/2/12/ai-code-assistant-curl-ssl/",
+      "activity": {
+        "type": "mention"
+      },
+      "verified_date": "2025-02-12T13:20:43.838536",
+      "data": {
+        "author": {
+          "type": "card",
+          "name": "Dr James Ravenscroft",
+          "photo": "https://webmention.io/avatar/porcini.us-east.host.bsky.network/18506067d359f716c816ef29af4a650a7f32cc26747be2903e4428702308f4ef.jpg",
+          "url": "https://bsky.app/profile/jamesravey.me"
+        },
+        "content": "AI code assistants can introduce hidden security risks. I observed that 4 frontier models add Hard to spot but potentially catastrophic HTTPS vulnerabilities when fixing \"broken\" code. <a href=\"https://bsky.app/search?q=%23infosec\">#infosec</a> <a href=\"https://bsky.app/search?q=%23AI\">#AI</a> <a href=\"https://bsky.app/search?q=%23CodeSafety\">#CodeSafety</a> <a href=\"https://bsky.app/search?q=%23curl\">#curl</a> <a href=\"https://brainsteam.co.uk/2025/2/12/ai-code-assistant-curl-ssl/\">brainsteam.co.uk/2025/2/12/ai...</a>",
+        "published": "2025-02-12T13:20:37+00:00"
+      }
+    },
+    {
+      "id": 1884410,
+      "source": "https://brid.gy/like/mastodon/@jamesravey@fosstodon.org/113990753461682316/109296418606659416",
+      "target": "https://brainsteam.co.uk/2025/2/12/ai-code-assistant-curl-ssl/",
+      "activity": {
+        "type": "like"
+      },
+      "verified_date": "2025-02-12T14:04:29.986506",
+      "data": {
+        "author": {
+          "type": "card",
+          "name": "Matt Organ",
+          "photo": "https://webmention.io/avatar/cdn.fosstodon.org/c5d4aeb716400538c9bdc27d624aa17744ff128250b89ccff8d1b03c4b213df5.jpg",
+          "url": "https://infosec.exchange/@Slater450413"
+        },
+        "content": null,
+        "published": null
+      }
+    },
+    {
+      "id": 1884414,
+      "source": "https://brid.gy/repost/mastodon/@jamesravey@fosstodon.org/113990753461682316/108212501243574409",
+      "target": "https://brainsteam.co.uk/2025/2/12/ai-code-assistant-curl-ssl/",
+      "activity": {
+        "type": "repost"
+      },
+      "verified_date": "2025-02-12T14:38:10.234994",
+      "data": {
+        "author": {
+          "type": "card",
+          "name": "re:fi.64 :bisexual:",
+          "photo": "https://webmention.io/avatar/cdn.fosstodon.org/e4db31aef2d3ac5fb52c9e75268d440543690caadb704bf061d57b603a9627ff.jpg",
+          "url": "https://refi64.social/@refi64"
+        },
+        "content": null,
+        "published": null
+      }
+    },
+    {
+      "id": 1884420,
+      "source": "https://brid.gy/like/mastodon/@jamesravey@fosstodon.org/113990753461682316/109543516690057946",
+      "target": "https://brainsteam.co.uk/2025/2/12/ai-code-assistant-curl-ssl/",
+      "activity": {
+        "type": "like"
+      },
+      "verified_date": "2025-02-12T15:02:36.803904",
+      "data": {
+        "author": {
+          "type": "card",
+          "name": "GeneralShaw",
+          "photo": "https://webmention.io/avatar/fosstodon.org/db1d635fb4356e493a52ae26f48c9f875d733a757cb82141ea43b0221d79f2d5.png",
+          "url": "https://hachyderm.io/@GeneralShaw"
+        },
+        "content": null,
+        "published": null
+      }
+    },
+    {
+      "id": 1884432,
+      "source": "https://brid.gy/like/mastodon/@jamesravey@fosstodon.org/113990753461682316/109591081599883268",
+      "target": "https://brainsteam.co.uk/2025/2/12/ai-code-assistant-curl-ssl/",
+      "activity": {
+        "type": "like"
+      },
+      "verified_date": "2025-02-12T16:27:35.171673",
+      "data": {
+        "author": {
+          "type": "card",
+          "name": "JakobDev",
+          "photo": "https://webmention.io/avatar/cdn.fosstodon.org/d53a9e585fffb545e7d2504e0e3976cb9537da49fec5aefafb9832aabd7742f4.png",
+          "url": "https://social.anoxinon.de/@JakobDev"
+        },
+        "content": null,
+        "published": null
+      }
+    },
+    {
+      "id": 1884529,
+      "source": "https://brid.gy/like/mastodon/@jamesravey@fosstodon.org/113990753461682316/109488308938908995",
+      "target": "https://brainsteam.co.uk/2025/2/12/ai-code-assistant-curl-ssl/",
+      "activity": {
+        "type": "like"
+      },
+      "verified_date": "2025-02-13T00:33:45.066289",
+      "data": {
+        "author": {
+          "type": "card",
+          "name": "Mufasa",
+          "photo": "https://webmention.io/avatar/cdn.fosstodon.org/df4d8be8abedda591c5c32cd8e416fe7381d3fe2971de33fa8287a257476fd9f.png",
+          "url": "https://betweenthelions.link/@ne1for23"
+        },
+        "content": null,
+        "published": null
+      }
+    }
  ]
 }