Their work reveals a blind spot in current software security. Malicious code does not need to be hidden in software alone. It can also be concealed in harmless documentation or configuration scripts. The researchers show how large language models can ...