they should make another mailing list for ai generated reports that they totally read, and ban anyone who submits slop to the main one. not sure how feasible it is since spammers will just generate new emails, but at least they would have something clear to point out the malicious intent.
the point being the mail list for ai slop is there just so it doesnt clog the actual one and anyone who breaks that can be blacklisted as malicious actor.
The problem isn’t that AI is maliciously spamming the mailing list, it’s that AI is able to find and report real or potential security vulnerabilities at rates that no human organization can process fast enough. Open source browsers and Linux have been slammed lately with vulnerabilities found by Mythos.
I mean the alternitive, in this case, was security through obscurity, in which these exploits existed, could be reversed for years, and no one else would know .
yes, but with llm they can be uncovered so fast they cant be processed fast enough. And you have to check every report carefully since llm come up with false information all the time, but malicious actors dont have to care about that. Also, now attackers don’t have to stockpile the zeroday vulnerabilities, infact they have to use them fast before they are potentially patched.
Right, the next step is how do we filter BS faster for devs and fix/mitigate bugs faster or even better prevent this category of bugs from being implimented.
they should make another mailing list for ai generated reports that they totally read, and ban anyone who submits slop to the main one. not sure how feasible it is since spammers will just generate new emails, but at least they would have something clear to point out the malicious intent.
It would likely create more work and just result in two unmanageable mailing lists. Doubling the problem.
Sounds like the perfect solution!
the point being the mail list for ai slop is there just so it doesnt clog the actual one and anyone who breaks that can be blacklisted as malicious actor.
The problem isn’t that AI is maliciously spamming the mailing list, it’s that AI is able to find and report real or potential security vulnerabilities at rates that no human organization can process fast enough. Open source browsers and Linux have been slammed lately with vulnerabilities found by Mythos.
Aah… that is indeed a problem since the threats have to be dealt with fast once they are reported since they are now basically public…
If a public tool can find a CVE in minutes to hours, it doesn’t matter if some of the people using signed an NDA.
All it takes is someone how isn’t going to report it to also find and exploit it
So the exploitation window doesn’t start when it is reported it started at when the tool could have found it
llm sure have made world more shitty place…
I mean the alternitive, in this case, was security through obscurity, in which these exploits existed, could be reversed for years, and no one else would know .
yes, but with llm they can be uncovered so fast they cant be processed fast enough. And you have to check every report carefully since llm come up with false information all the time, but malicious actors dont have to care about that. Also, now attackers don’t have to stockpile the zeroday vulnerabilities, infact they have to use them fast before they are potentially patched.
Right, the next step is how do we filter BS faster for devs and fix/mitigate bugs faster or even better prevent this category of bugs from being implimented.