A good chunk of the reports are false positives (slop) per the researcher's own admission in his talk. I have no issue sharing the bug reports either; the bugs are better fixed.

What I take issue with is that they have basically released the weapon first without thinking about the consequences. And again, if you watch the talk, you'll see how he literally calls others to action to fix the problem. They made a problem and are asking you to fix it, and it will also cost you money, which conveniently goes to them. Any industry with even a semblance of regulation would find this very disturbing.

▲

akerl_ 14 hours ago | parent [-]

The “weapon” here is identifying vulnerabilities that were already present and exploitable by malicious actors?

▲

yunnpp 10 hours ago | parent [-]

A very shallow dismissal of my point. Is there no room for depth in your logical analysis?

First of all, we don't know whether this particular bug was already being exploited in the wild. We do know that there is a community of experts looking at the Linux kernel and reporting bugs. Yet this bug had never been reported until now. So either nobody ever looked there (unlikely), or they did and didn't find it. Conversely, the LLM found it with a prompt that even a 5-year old can type. That significantly lowers the effort for the attacker, so much that it changes the game. It is, to use a crude analogy, like deploying firearms in a field traditionally fought with sword and shield. So yes, that's the weapon, and these guys released the stuff to the public with no oversight. That should get some people thinking.

	▲	akerl_ 10 hours ago \| parent [-]
		> So either nobody ever looked there (unlikely), or they did and didn't find it. Those aren't the only two options.