• remram@lemmy.ml
    link
    fedilink
    arrow-up
    2
    ·
    3 months ago

    Probably not. Obfuscation works, and might even depend on remote code being downloaded at either build time or run time.

    There are a lot of heuristics you can use (e.g. disallowing some functions/modules) to check a codebase, but those already exist no AI required. Unless you call static analysis “AI”, who knows.

    • unknowing8343@discuss.tchncs.deOP
      link
      fedilink
      arrow-up
      1
      ·
      3 months ago

      But an AI can “realise” the code might be downloading something it doesn’t need to. That’s the point.

      AI is “smart” and understands that you told it that the library was supposed to do something specific, and it can understand that and look for things that seem not correlated to the purpose of the repo.