Sign up to save your podcasts
Or
Share “AI is Breaking Two Vulnerability Cultures” by jefftk
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
“AI is Breaking Two Vulnerability Cultures” by jefftk
A week ago the
Copy Fail
vulnerability came out, and Hyunwoo Kim immediately realized that the
fixes were insufficient, sharing a patch the
same
day. In doing this he followed standard procedure for Linux,
especially within networking: share the security impact with a closed
list of Linux security engineers, while fixing the bug quietly and
efficiently in the open. His goal was that with only the raw fix
public, the knowledge that a serious vulnerability existed
could be "embargoed": the people in a position to address it know, but
they've agreed not to say anything for a few days.
Someone else noticed
the change, however, realized the security implications, and shared
it publicly. Since it was now out, the embargo was deemed over,
and we can now see the full
details.
It's interesting to see the tension here between two different
approaches to vulnerabilities, and think about how this is likely to
change with AI acceleration.
On one side you have "coordinated disclosure" culture. This is
probably the most common approach in computer security. When you
discover a security bug you tell the maintainers privately and give
them some amount of time (often 90d) [...]
---
First published:
May 8th, 2026
Source:
https://www.lesswrong.com/posts/wKzWGMoubHoHRC4ng/ai-is-breaking-two-vulnerability-cultures
---
Narrated by TYPE III AUDIO.
View all episodes
By LessWrongA week ago the
Copy Fail
vulnerability came out, and Hyunwoo Kim immediately realized that the
fixes were insufficient, sharing a patch the
same
day. In doing this he followed standard procedure for Linux,
especially within networking: share the security impact with a closed
list of Linux security engineers, while fixing the bug quietly and
efficiently in the open. His goal was that with only the raw fix
public, the knowledge that a serious vulnerability existed
could be "embargoed": the people in a position to address it know, but
they've agreed not to say anything for a few days.
Someone else noticed
the change, however, realized the security implications, and shared
it publicly. Since it was now out, the embargo was deemed over,
and we can now see the full
details.
It's interesting to see the tension here between two different
approaches to vulnerabilities, and think about how this is likely to
change with AI acceleration.
On one side you have "coordinated disclosure" culture. This is
probably the most common approach in computer security. When you
discover a security bug you tell the maintainers privately and give
them some amount of time (often 90d) [...]
---
First published:
May 8th, 2026
Source:
https://www.lesswrong.com/posts/wKzWGMoubHoHRC4ng/ai-is-breaking-two-vulnerability-cultures
---
Narrated by TYPE III AUDIO.
More shows like LessWrong (30+ Karma)
View all
The Daily
112,330 Listeners
Astral Codex Ten Podcast
130 Listeners
Interesting Times with Ross Douthat
7,247 Listeners
Dwarkesh Podcast
563 Listeners
The Ezra Klein Show
16,328 Listeners
AI Article Readings
4 Listeners
Doom Debates!
14 Listeners
LessWrong posts by zvi
2 Listeners