I guess traditional moratorium period for vulnerability publication is going to be fade away as we rely on AI to find it.

If publicly accessible AI model with very cheap fee can find it, it's very natural to assume the attackers had found it already by the same method.

▲

saddist0 4 hours ago | parent [-]

It’s a wrong way to look at things. Just because CIA can know your location (if they want to), would you share live location to everyone on the internet?

LLM is a tool, but people still need to know — what where how.

▲

lxgr 3 hours ago | parent | next [-]

Not sure if that's a great example. If there's a catastrophic vulnerability in a widely used tool, I'd sure like to know about it even if the patch is taking some time!

The problem with this is that the credible information "there's a bug in widely used tool x" will soon (if not already) be enough to trigger massive token expenditure of various others that will then also discover the bug, so this will often effectively amount to disclosure.

I guess the only winning move is to also start using AI to rapidly fix the bugs and have fast release cycles... Which of course has a host of other problems.

	▲	integralid an hour ago \| parent [-]
		>there's a bug in widely used tool x" There's a security bug in Openssh. I don't know what it is, but I can tell you with statistical certainty that it exists. Go on and do with this information whatever you want.

▲

mx7zysuj4xew 2 hours ago | parent | prev [-]

Wrong argument, since it's not just available to "the CIA" but every rando under the sun, people should be notified immediately if "tracking" them is possible and mitigation measures should become a common standard practice