Vulnerability economics
- Every vulnerability costs something to put there.
- Every vulnerability costs something to discover.
- Every vulnerability costs something to fix.
- The exploitation of every vulnerability has a value associated with it.
The AI security conversation is vast, dynamic, and — too often — imprecise. One person means AI-powered phishing. Another means adversarial attacks on models. Another means autonomous agents. Everyone says "AI security" and assumes they're talking about the same thing. They're usually not. I created this
There's a fresh conversation happening about the distinction between bug bounty programs and vulnerability disclosure programs. This is an area where the distinction between a bug bounty program (cash or cash equivalent proactively offered to the public) and a vulnerability disclosure program (which can optionally offer a thank-you
Last Saturday, Jan 31, was my last day "inside the tent" at Bugcrowd.