daniel:// stenberg://2d ago

There is virtually **no** AI slop security reports anymore submitted about #curl. They don't seem to happen any longer.

Almost everyone still uses AI though.

Show threadViss2d ago
@bagder is that because you quit h1? or people finally gave up trying?
Show threaddaniel:// stenberg://2d ago
@Viss we went back to h1. I think primarily because the AI tooling got a lot better.
Show threadViss2d ago
@bagder oh! interesting! did h1 implement any guard rails at all since or did they mention anything to you? i wager a torrrent of negative press about how they just let slop reports through probably put a dent in their revenue stream
Show threaddaniel:// stenberg://2d ago
@Viss they've done some minor tweaks, but I can't see how anything they've done is any factor here
Show threadViss2d ago
@bagder iiiiiinteresting!
Show threadJosh Bressers2d ago

@Viss @bagder

LLMs are shockingly good at finding security vulnerabilities now

The reports they write are a bit meh, and coordination is still hard

Show threadViss
@joshbressers @bagder i have a buuuuuunch of research in working on, and the title of the talk is 'claude is your insider threat now'. fingers crossed securityfest and sec-t let me in :D
Apr 5 at 9:28pmTusky Test