Today a bunch of my open-source projects got slammed by incorrect AI-written vulnerability reports demanding $299 for disclosure

pl@cosocial.ca

@jonty but it has a scan hash!!

david_chisnall@infosec.exchange

@jonty

Some legitimate folks got burned by doing this because asking for money to not do a bad thing meets the legal definition of blackmail, even if it's well intentioned. If they have an actual business that they want you to contact, you may be able to get the police involved.

impulse9@chaos.social

@issyl0 @jonty thank you!

spaceinvader@social.securitytheater.net

@jonty Yeah, I wouldn’t pay $299 for something with only a SHA-256 seal! That’s more than $1/bit.

eatyourgreens@mastodon.social

@jonty isn’t extortion a teensy bit illegal in the UK?

luc0x61@mastodon.gamedev.place

@jonty When you have a perfect idiot machine to generate massive scam, why don't?
Here's the real added value of LLMs, where to monetize on.

guillotine_jones@beige.party

@jonty
Who said Ai isn't making money?

n1xnx@tilde.zone

@jonty
Sounds like criminal extortion to me.
Send a C&D letter and f9ile a complaint with the police? Since it's over the wire, that makes it Federal if it's in the US.

nobody@mastodon.acm.org

@jonty
"You're in a desert, Leon, walking along in the sand ..."

tr4nt0r@chaos.social

@jonty more like Veritas scamming engine. Also got an issue yesterday, but it was empty without any details. But I instantly deleted it and blocked the account.

rndanger@infosec.exchange

@eatyourgreens @jonty
Not if you put pressure on the right people

musevg@23.social

@jonty @da_667
So… This is your code? And they created an issue about 2 alleged vulnerabilities and are asking you for $299 to disclose them to you?

xeno@hexokina.se

@jonty@chaos.social this is just a sloppy attempt at automated extortion

(to the creator of this “””tool”””) get fucked mate