DetroitThrow 4 days ago

There must be other corporate bounty programs they could DDOS with fake reports - doing it to curl surely won't yield much profit.

ares623 4 days ago | parent | next [-]

This is headline driven development. Sooner or later one of these reports will make it and there will be much rejoicing.

baq 4 days ago | parent [-]

s/much rejoicing/pandora's box/ I guess.

the thing is, these people aren't necessarily wrong - they're just 1) clueless 2) early. the folks with proper know-how and perhaps tuned models are probably selling zero days found this way as we speak.

jdefr89 4 days ago | parent [-]

Professional Security Researcher here.. I haven't really seen any models reliably find and exploit a 0day. Folks are at least TRYING to develop such models internally at the MIT lab where I work, but not sure how far along they are coming yet.. If a model is developed that can find a 0day or two (like Big Sleep which I think maybe found some) I won't be surprised but keep in mind fuzzers find thousands of real 0days with far less compute... These capabilities are of course something worth looking into, but too many people are promising 0day oracles already and that simply just isn't where we are right now (or ever?). Sorry for bad grammar typing quickly from phone here.

nenenejej 4 days ago | parent | prev [-]

Maybe using curl for RLHF training/tuning before running it on the money sites.