alt Hacker NewsThe point is that anyone looking for zero days has them in spades, in this age of LLM use.
So, knowing that bad actors have an unending river of cheaply acquired zero days, the best response is to publish them so that maintainers also have access to them. Existing methods of slow disclosure cannot keep up with the AI firehose.
It’s ugly, but it will force needed change. A thorough AI red team effort is the lowest bar of releasing software responsibly in this day and age.
Replies
mickdarling • today at 2:23 PM
If only the AI tools didn't shut you down every time you were trying to red team your own tools. I've had to come up with all kinds of workaround scenarios, effectively bypassing the AI security processes in order to stress test my own systems.
This is ludicrous logic. We already know that there is an AI firehose. You don't need to do this. They should have used proper disclosure.
All this is doing is making the AI firehose worse.