Krebs Has A Posse
Read more
The Hitchhiker's Guide to Vulnerability Disclosure in 2026
Post-Mythos vulnerability disclosure: a 2026 field guide for vendors and researchers on AI-era bug bounties, slop triage, and rebuilding ecosystem norms.
Coordinated, Until It Isn't
Everyone has a take on Moksha's 89-vuln XAPI drop. Almost everyone misses the same thing: it wasn't one decision, it was four: go public, go Day-0, withhold patches from Citrix, lean into the "shittrix" frame. Coordinated disclosure runs on goodwill, and the goodwill runs out sometimes.
Thoughts on the #slopdemic
Move over #vulnpocalypse — there's a new term we need to talk about: the #slopdemic. AI didn't invent low-quality vuln reports, but it just turbocharged them, and F/OSS is drowning.
Continued Monitoring of the Situation
Week two of an AI-powered House Finch nest monitor: four model biases, a Wyze cam back from the dead, and a full pipeline rewrite before the eggs hatch.