@jonny sorry, shouldn't have dragged you in. I was just thinking of those code reviews you were posting.
@wyatt_h_knott
I certainly was confused for a minute there like whoa what did I do now lol, nbd
@jonny yeah sorry again, I went back and deleted your username out of all my follow up posts. My apologies. I just have a ton of respect for the code review stuff I saw you doing, and I remember you specifically mentioning something about those LLM vulnerability checks.
To be clear I don't actually think browsers should NEVER update. I'm really just being hyperbolic to make the point that none of us want the AI in our browsers,
@wyatt_h_knott
I try to not comment on security thingz because its way out of my lane, but the security ppl I know who have weighed in have said its mostly smoke and mirrors, like finding theoretical vulns that couldnt really be exploited in practice. Finding specific categories of bugs seems like something that a brute force machine could do if you just extend the cap on what you think would be feasible to brute force by a zillion, which is what the mythos preview basically said it was doing. Plus, the business model seems to pretty plainly be "mob style shakedown" at best - you must pay for infinite LLM security scans because we've already rented it to the attackers - and self-feeding treadmill at worst - pay us to generate a buggy ass program, and then pay us again to find the bugs we created, etc.
Its not like that hockey stick increase in reported vulns is against a neutral background, sure there were bug bounties and whatnot before, but dumping a bazillion new dollars into automated vuln finding sure better cause the line to go up. I wonder what it would look like if all those billions were spent hiring actual pentesters
@jonny thank you, that was exactly the analysis I remembered and was looking for. Particularly the "if you're looking that hard you damn well BETTER find more vulns"