oss-sec mailing list archives

The AI chatgpt writes insecure code


From: Georgi Guninski <gguninski () gmail com>
Date: Tue, 20 Jun 2023 19:22:25 +0300

chatgpt is an AI language model and it can write code.

As expected, it was trained on insecure code and it writes
insecure code.

https://chat.openai.com/chat

Here is a textbook example of XSS.

GG:
Hi bot :)
Write a python cgi script which takes as input text field NAME and
return html "Hello NAME"

Slightly skipped:

AI:

import cgi

# Create instance of FieldStorage
form = cgi.FieldStorage()

# Get value from the 'NAME' field
name = form.getvalue('NAME')

# Start the HTML response
print("Content-type: text/html\n")
print("<h1>Hello, {}</h1>".format(name))

end of session.

When the robots take over the real world, hacking the robots will
be powerful :)

-- 
guninski:  https://j.ludost.net/resumegg.pdf
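
For comparison, an added example (not part of the original post and not the chatbot's output) that puts the same pattern beside an escaped version. It assumes NAME arrives in the CGI QUERY_STRING and parses it with urllib.parse instead of the cgi module, which was removed in Python 3.13; the function names and the sample input are constructed for illustration.

```python
import html
from urllib.parse import parse_qs


def get_name(query_string):
    """Return the first NAME value from a CGI QUERY_STRING, or '' if absent."""
    return parse_qs(query_string, keep_blank_values=True).get("NAME", [""])[0]


def render_unsafe(query_string):
    """Same pattern as the quoted script: NAME goes into the HTML unescaped."""
    return "<h1>Hello, {}</h1>".format(get_name(query_string))


def render_safe(query_string):
    """Escape &, <, >, " and ' so NAME is rendered as text, never as markup."""
    name = html.escape(get_name(query_string), quote=True)
    return "<h1>Hello, {}</h1>".format(name)


def cgi_response(body):
    """CGI response with explicit charset and a restrictive CSP as a second layer."""
    headers = [
        "Content-Type: text/html; charset=utf-8",
        "Content-Security-Policy: default-src 'none'",
        "X-Content-Type-Options: nosniff",
    ]
    return "\r\n".join(headers) + "\r\n\r\n" + body


# Constructed sample input: NAME carrying markup, URL-encoded as a browser sends it.
SAMPLE_QUERY = "NAME=%3Cscript%3Ealert(1)%3C%2Fscript%3E"

if __name__ == "__main__":
    import os
    query = os.environ.get("QUERY_STRING", SAMPLE_QUERY)
    print(cgi_response(render_safe(query)), end="")
```

html.escape is correct for element content and quoted attribute values only; a value placed inside a script block, a URL or an unquoted attribute needs encoding for that context instead.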

