https://www.zdnet.com/article/third-major-linux-kernel-flaw-in-two-weeks-found-by-ai/
The good news is that they are getting found and people could patch up their systems.
>good news
Yeah, a recent FF update fixed 100+ security issues found by one of the new super-AI LLMs.
>bad news
The flip side is that hackers are using LLMs to find them.
I'm hoping this will be a temporary thing. Right now they are finding 20yo flaws, but as that backlog gets processed it should slow down.
Drupal requires unit testing to release a minor patch. That has reduced the number of times an update breaks things. I am assuming AI exploit testing will also become a required step for any update.
>hoping
I'll have none of that! hhh
AI agents show they can create exploits, not just find vulns
https://www.theregister.com/ai-ml/2026/05/15/ai-agents-show-they-can-create-exploits-not-just-find-vulns/5241453
The First CVE Wave: Signs That AI-Assisted Vulnerability Discovery Is Reshaping Disclosure Volumes | Blog | VulnCheck
https://www.vulncheck.com/blog/ai-assisted-vulnerability-discovery
<+>
AI-powered hacking has exploded into industrial-scale threat, Google says | The Guardian
https://www.theguardian.com/technology/2026/may/11/ai-powered-hacking-industrial-scale-threat-three-months-google
It's a Good vs Evil race. Good is plugging holes while Evil opens them. Here's a good;
Project Glasswing: what Mythos showed us
https://blog.cloudflare.com/cyber-frontier-models/
Quote from: rcjordan on May 15, 2026, 10:23:13 PMAI agents show they can create exploits
But it's still the same thing. That is just taking the next step, which means that if a hacker finds the exploit first, you're hosed.
But if a strong AI agent can do that, it can also become part of integration testing. If you have really strong unit tests and integration tests, you can hopefully just stop a lot of this code from ever getting committed.
Obviously, it's always cat and mouse. You create a better lock and thieves build better tools to break it.
But of course, that's thinking long term after powerful AI is integrated into testing harnesses.
In the short term, we can expect a lot of this
https://www.commondreams.org/news/google-ai-zero-day
and don't bank online. If you must, only expose an amount you can afford to lose.