oh my FUCKING GOD https://github.com/v12-security/pocs/tree/main/fragnesia-5db89c99566fc

shadowjonathan@tech.lgbt

@cadey just keep on patching lmao

im REALLY happy i had automated patching properly setup the last few weeks

shadowjonathan@tech.lgbt

@cadey are these things even getting CVEs?

or coordinated disclosure?

or are these just AI-found bugs people are like "lmao, lemme add to the pile"

xerz@soc.masfloss.net

@ShadowJonathan @cadey yeah

ada@zoner.work

@ShadowJonathan@tech.lgbt @cadey@pony.social they are getting cves but the disclosure happens as the patch is made (not merged).

karolherbst@chaos.social

@xerz @ShadowJonathan @cadey so in case those are ai-found bugs, the reasoning for publishing those immediately is, that anybody else with access to an AI could exploit them, so everybody is probably on the safer side to assume that everything found with those tools are zero-days now.

starchturrets@mastodon.social

@cadey gvisor / vms and carry on. At least until they start dumping vulns for those as well

nrdufour@gardenstate.social

@cadey oh gosh ... this is getting out of control ... going to be a hell of crazy year

sudobash418@hachyderm.io

@ShadowJonathan @cadey
The kernel just updated their guidelines for security issue reporting today; any bugs found via "AI assistance" are to be treated as public.

docs update: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=36d49bba19f2c19c933d13b25dcf4eb607a030b3

phoenix@s0.phoenixsystems.cc

@cadey no such thing as responsible disclosure in the world of AI bullshit huh

catraxx@tech.lgbt

@sudoBash418 @ShadowJonathan @cadey Unsure if that was a good idea.