I ran an RD program years ago. Lots of bored and/or poor, greedy devs submitted metric shit tons of pseudo vulnerabilities (“if I do ctrl-u I can see source code on your web site!” No shit, Sherlock.). I can only imagine how much easier this has become with the help of generative ai…
Yeah, I’d count that credibility as a real benefit from helping with bugs.
As far as xz scenarios go though, the AI slop seems to be a really bad strategy.
I agree, it isn’t a great tactic, but with enough attempts you’ll probably hit a few times.
Yeah, I don’t disagree. And if you hit something small or relatively insignificant but common, that’s all you need
I ran an RD program years ago. Lots of bored and/or poor, greedy devs submitted metric shit tons of pseudo vulnerabilities (“if I do ctrl-u I can see source code on your web site!” No shit, Sherlock.). I can only imagine how much easier this has become with the help of generative ai…