AI Is Breaking Two Vulnerability Cultures
- #AI Security
- #Coordinated Disclosure
- #Vulnerability Disclosure
- The text discusses two vulnerability disclosure cultures: coordinated disclosure (private reporting with a time window) and "bugs are bugs" (quick fixes without calling attention to them).
- AI acceleration is making long embargoes riskier due to increased independent discovery, as illustrated by a case where a vulnerability was reported by another researcher just nine hours later.
- Short embargoes are suggested as a better approach: because AI helps both attackers and defenders, embargoes that would previously have been too short to be useful are now feasible.