AI tools have broken out spectacularly in 2022, offering image generation, video upscaling, text completion, and much more.
The recent release of OpenAI's ChatGPT led researchers to discover that the new language model had unexpected security engineering capabilities. In particular, this talk explores the use of the davinci-003 model to automatically comment decompiled functions and suggest new names for their variables.

This led to the creation of Gepetto, an IDA Pro plugin that extracts information from the tool and submits it into OpenAI's API to speed up the analysis dramatically for the rough equivalent of 1$ per day.

The plugin's code is available here: https://github.com/JusticeRage/Gepetto

Despite strong public statements that they want "a safer internet for everyone", many states appear to be double-dealing in the cyber-space and engage in the very activities they discourage. In order to convince decision-makers to genuinely discuss acceptable behavior in the cyberspace, we need to give up on moral arguments and focus on pragmatic reasons to favor defense. But the incentives towards offense may just be too strong.