Search for: All records

Large language models (LLM) are perceived to offer promising potentials for automating security tasks, such as those found in security operation centers (SOCs). As a first step towards evaluating this perceived potential, we investigate the use of LLMs in software pentesting, where the main task is to automatically identify software security vulnerabilities in source code. We hypothesize that an LLM-based AI agent can be improved over time for a specific security task as human operators interact with it. Such improvement can be made, as a first step, by engineering prompts fed to the LLM based on the responses produced, to include relevant contexts and structures so that the model provides more accurate results. Such engineering efforts become sustainable if the prompts that are engineered to produce better results on current tasks, also produce better results on future unknown tasks. To examine this hypothesis, we utilize the OWASP Benchmark Project 1.2 which contains 2,740 hand-crafted source code test cases containing various types of vulnerabilities. We divide the test cases into training and testing data, where we engineer the prompts based on the training data (only), and evaluate the final system on the testing data. We compare the AI agent’s performance on the testing data against the performance of the agent without the prompt engineering. We also compare the AI agent’s results against those from SonarQube, a widely used static code analyzer for security testing. We built and tested multiple versions of the AI agent using different off-the-shelf LLMs – Google’s Gemini-pro, as well as OpenAI’s GPT-3.5-Turbo and GPT-4-Turbo (with both chat completion and assistant APIs). The results show that using LLMs is a viable approach to build an AI agent for software pentesting that can improve through repeated use and prompt engineering. 

Abstract The main science aim of the BlackGEM array is to detect optical counterparts to gravitational wave mergers. Additionally, the array will perform a set of synoptic surveys to detect Local Universe transients and short timescale variability in stars and binaries, as well as a six-filter all-sky survey down to ∼22nd mag. The BlackGEM Phase-I array consists of three optical wide-field unit telescopes. Each unit uses anf/5.5 modified Dall-Kirkham (Harmer-Wynne) design with a triplet corrector lens, and a 65 cm primary mirror, coupled with a 110Mpix CCD detector, that provides an instantaneous field-of-view of 2.7 square degrees, sampled at 0.″564 pixel⁻¹. The total field-of-view for the array is 8.2 square degrees. Each telescope is equipped with a six-slot filter wheel containing an optimised Sloan set (BG-u, BG-g, BG-r, BG-i, BG-z) and a wider-band 440–720 nm (BG-q) filter. Each unit telescope is independent from the others. Cloud-based data processing is done in real time, and includes a transient-detection routine as well as a full-source optimal-photometry module. BlackGEM has been installed at the ESO La Silla observatory as of 2019 October. After a prolonged COVID-19 hiatus, science operations started on 2023 April 1 and will run for five years. Aside from its core scientific program, BlackGEM will give rise to a multitude of additional science cases in multi-colour time-domain astronomy, to the benefit of a variety of topics in astrophysics, such as infant supernovae, luminous red novae, asteroseismology of post-main-sequence objects, (ultracompact) binary stars, and the relation between gravitational wave counterparts and other classes of transients. 

A bstract The NA62 experiment at CERN targets the measurement of the ultra-rare $$ {K}^{+}\to {\pi}^{+}\nu \overline{\nu} $$ K + → π + ν ν ¯ decay, and carries out a broad physics programme that includes probes for symmetry violations and searches for exotic particles. Data were collected in 2016–2018 using a multi-level trigger system, which is described highlighting performance studies based on 2018 data. 

A bstract A sample of 2 . 8 × 10 4 K + → π + μ + μ − candidates with negligible background was collected by the NA62 experiment at the CERN SPS in 2017–2018. The model-independent branching fraction is measured to be (9 . 15 ± 0 . 08) × 10 − 8 , a factor three more precise than previous measurements. The decay form factor is presented as a function of the squared dimuon mass. A measurement of the form factor parameters and their uncertainties is performed using a description based on Chiral Perturbation Theory at $$ \mathcal{O} $$ O ( p 6 ). 

A bstract The NA62 experiment reports the branching ratio measurement $$ \mathrm{BR}\left({K}^{+}\to {\pi}^{+}\nu \overline{\nu}\right)=\left({10.6}_{-3.4}^{+4.0}\left|{}_{\mathrm{stat}}\right.\pm {0.9}_{\mathrm{syst}}\right)\times {10}^{-11} $$ BR K + → π + ν ν ¯ = 10.6 − 3.4 + 4.0 stat ± 0.9 syst × 10 − 11 at 68% CL, based on the observation of 20 signal candidates with an expected background of 7.0 events from the total data sample collected at the CERN SPS during 2016–2018. This provides evidence for the very rare K + → $$ {\pi}^{+}\nu \overline{\nu} $$ π + ν ν ¯ decay, observed with a significance of 3.4 σ . The experiment achieves a single event sensitivity of (0 . 839 ± 0 . 054) × 10 − 11 , corresponding to 10.0 events assuming the Standard Model branching ratio of (8 . 4 ± 1 . 0) × 10 − 11 . This measurement is also used to set limits on BR( K + → π + X ), where X is a scalar or pseudo-scalar particle. Details are given of the analysis of the 2018 data sample, which corresponds to about 80% of the total data sample. 

A bstract A search for the K + → π + X decay, where X is a long-lived feebly interacting particle, is performed through an interpretation of the K + → $$ {\pi}^{+}\nu \overline{\nu} $$ π + ν ν ¯ analysis of data collected in 2017 by the NA62 experiment at CERN. Two ranges of X masses, 0–110 MeV /c 2 and 154–260 MeV /c 2 , and lifetimes above 100 ps are considered. The limits set on the branching ratio, BR( K + → π + X ), are competitive with previously reported searches in the first mass range, and improve on current limits in the second mass range by more than an order of magnitude.