Hacker News

firefax, yesterday at 4:57 PM

The bigger takeaway is someone that smart is pissed off and dropping their shit with zero warning... but hey, that's just like, my opinion man.

Replies

K0balt, today at 1:29 PM

The point is that anyone looking for zero days has them in spades, in this age of LLM use.

So, knowing that bad actors have an unending river of cheaply acquired zero days, the best response is to publish them so that maintainers also have access to them. Existing methods of slow disclosure cannot keep up with the AI firehose.

It’s ugly, but it will force needed change. A thorough AI red team effort is the lowest bar of releasing software responsibly in this day and age.

Retr0id, yesterday at 4:58 PM

You don't need to be pissed off to decide that immediate public disclosure is the best option.

puchatek, today at 7:05 AM

Approaching the maintainers would be ideal but time-consuming. Disclosing it like this is neutral I guess. Better than selling it in the darknet.

I do wonder though: if you can tell the AI to search for vulns, can't you also tell it to contact the right maintainer for each one found?
