this post was submitted on 18 May 2026
421 points (98.4% liked)
Technology
84828 readers
5399 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Aah.. that is indeed a problem since the threats have to be dealt with fast once they are reported since they are now basically public..
If a public tool can find a CVE in minutes to hours, it doesn't matter if some of the people using signed an NDA.
All it takes is someone how isn't going to report it to also find and exploit it
So the exploitation window doesn't start when it is reported it started at when the tool could have found it
llm sure have made world more shitty place..
I mean the alternitive, in this case, was security through obscurity, in which these exploits existed, could be reversed for years, and no one else would know .
yes, but with llm they can be uncovered so fast they cant be processed fast enough. And you have to check every report carefully since llm come up with false information all the time, but malicious actors dont have to care about that. Also, now attackers don't have to stockpile the zeroday vulnerabilities, infact they have to use them fast before they are potentially patched.