Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore a 41-minute conference talk from the 38th Chaos Communication Congress (38C3) that delves into critical security vulnerabilities discovered in Qodo Merge, an AI-powered tool for managing git pull requests. Learn about the potential security risks when integrating AI tools into development workflows, specifically focusing on how Qodo Merge's vulnerabilities could lead to privilege escalation on Gitlab, unauthorized write access to Github repositories, and the exposure of repository secrets. Discover how popular open-source projects, government repositories, automotive industry projects, and blockchain platforms have been affected by these security flaws. Understand the tool's functionality, including its AI-powered features for pull request analysis, code improvement suggestions, and changelog generation, while examining the specific exploit mechanisms, impact assessment, and remediation strategies. Follow the speaker's journey in attempting to report these vulnerabilities and gain insights into the current security posture of the project.
