Add section on vulnerability research #23

Open
GrzywN wants to merge 1 commit into main from @grzywn/vulnerability-research

Collaborator

@GrzywN GrzywN commented Apr 17, 2026

No description provided.

@GrzywN GrzywN requested a review from mkaput April 17, 2026 13:35
If you are unsure about the security of your setup, start with the default protections.
Then gradually tune them or disable the parts that are too annoying for your workflow.

## Vulnerability Research
Member

Please move this to a separate page in expanding horizons


## Vulnerability Research

Before reaching for AI, make sure the basics are covered.
Member

This looks to be entirely AI-written, doesn't it? :D You know what I'm asking about.

For most of 2024 and 2025, AI-assisted vulnerability scanning produced more noise than signal.
Most tools applied pattern matching dressed up as reasoning, surfacing the same classes of issues that static analysis had already flagged.

That changed with frontier models.
Member

What property of frontier models enabled this change? A noun is missing here.

Most tools applied pattern matching dressed up as reasoning, surfacing the same classes of issues that static analysis had already flagged.

That changed with frontier models.
<ExternalLink href="https://red.anthropic.com/2026/mythos-preview/" /> documents what Anthropic's latest model found when applied to real codebases: a 27-year-old integer overflow in OpenBSD's TCP stack, a 16-year-old codec bug in FFmpeg that had survived extensive automated fuzzing, and a 17-year-old remote code execution path in FreeBSD's NFS implementation.
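
Review bot: on the ExternalLink line, "Anthropic's latest model" will stop being accurate as soon as a newer model ships; name the model that the linked write-up covers instead. The sentence also opens with a self-closing `<ExternalLink />`, so its grammatical subject is whatever title the component renders; check that the rendered title reads as a noun phrase in front of "documents".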
Member

It's important to mention that all of these bugs could be reproduced with weaker models, often if they were peepholed (aka they were unable to find the bug when given the entire codebase, but they were pretty capable of doing so if tasked to find the bug in the particular function).

I miss this criticism here.

Comment thread src/data/links.csv
Member

Please editorialize the titles of added links so that they flow nicely in text.
