The zero-days are numbered - https://blog.mozilla.org/en/firefox/ai-security-zero-day-vulnerabilities/ "The defects are finite, and we are entering a world where we can finally find them all."

Reply to The zero-days are numbered - https://blog.mozilla.org/en/firefox/ai-security-zero-day-vulnerabilities/ "The defects are finite, and we are entering a world where we can finally find them all." on Wed, 22 Apr 2026 10:26:40 GMT

drajt@fosstodon.org — Wed, 22 Apr 2026 10:26:40 GMT

@glynmoody well the early reports sent to the #cURL team were mostly #AIslop and placed an excessive burden on them, so they banned #AI bug reports.

Code scanning has got better in the last few months and now can make interesting and useful insights, though not always security related. I believe the Linux kernel team have found quite a few bugs from recent AI submissions.

The biggest problem is the resources to fix them, many volunteers are overloaded already.

Reply to The zero-days are numbered - https://blog.mozilla.org/en/firefox/ai-security-zero-day-vulnerabilities/ "The defects are finite, and we are entering a world where we can finally find them all." on Wed, 22 Apr 2026 10:20:01 GMT

glynmoody@mastodon.social — Wed, 22 Apr 2026 10:20:01 GMT

@drajt more eyes - even ai eyes - are better if reports are good

Reply to The zero-days are numbered - https://blog.mozilla.org/en/firefox/ai-security-zero-day-vulnerabilities/ "The defects are finite, and we are entering a world where we can finally find them all." on Wed, 22 Apr 2026 09:59:35 GMT

drajt@fosstodon.org — Wed, 22 Apr 2026 09:59:35 GMT

@glynmoody static code analysis found hundreds of bugs in open source projects previously. Finding "bugs" with tools like this is easier than fixing them and stopping new ones creeping in in later changes.

I believe several people have recently reported that AI bug reports have just changed from mostly slop to often useful.

Reply to The zero-days are numbered - https://blog.mozilla.org/en/firefox/ai-security-zero-day-vulnerabilities/ "The defects are finite, and we are entering a world where we can finally find them all." on Wed, 22 Apr 2026 08:02:44 GMT

glynmoody@mastodon.social — Wed, 22 Apr 2026 08:02:44 GMT

@floppy yes, probably a hostage to fortune

Reply to The zero-days are numbered - https://blog.mozilla.org/en/firefox/ai-security-zero-day-vulnerabilities/ "The defects are finite, and we are entering a world where we can finally find them all." on Wed, 22 Apr 2026 08:01:57 GMT

axx@mstdn.fr — Wed, 22 Apr 2026 08:01:57 GMT

@glynmoody right but … software is a stream, not in a static settled state. The likelihood of never introducing a new bug is zero.

…says he before reading the article. I should go do that.

Reply to The zero-days are numbered - https://blog.mozilla.org/en/firefox/ai-security-zero-day-vulnerabilities/ "The defects are finite, and we are entering a world where we can finally find them all." on Wed, 22 Apr 2026 07:57:35 GMT

floppy@mastodon.me.uk — Wed, 22 Apr 2026 07:57:35 GMT

@glynmoody "the defects are finite" sounds like "nobody will ever need more than 640k of memory" to me.