There are virtually **no** AI slop security reports submitted about #curl anymore. They don't seem to happen any longer.

Almost everyone still uses AI though.

@bagder is that because you quit h1? or people finally gave up trying?
@Viss we went back to h1. I think primarily because the AI tooling got a lot better.
@bagder oh! interesting! did h1 implement any guard rails at all since or did they mention anything to you? i wager a torrent of negative press about how they just let slop reports through probably put a dent in their revenue stream
@Viss they've done some minor tweaks, but I can't see how anything they've done is any factor here
@bagder iiiiiinteresting!

@Viss @bagder

LLMs are shockingly good at finding security vulnerabilities now

The reports they write are a bit meh, and coordination is still hard

@Viss @bagder

I will note though, I haven't seen the exploit prices come down yet

It's possible the markets haven't caught up, or it's bad at finding the really juicy stuff

I admit I haven't seen it find anything SUPER impressive yet

@joshbressers @bagder llms are at 'bad adhd intern levels now', it feels like, versus hallucinatory and outright intentional disinformation
@joshbressers @Viss @bagder It's a lot about edge cases in API use and things involving 'malicious servers' - which…yeah, it's security, but…