The four-line economic frame for every vulnerability: cost to introduce, cost to discover, cost to fix, and the value of exploitation — and why the math matters.
Post-Mythos vulnerability disclosure: a 2026 field guide for vendors and researchers on AI-era bug bounties, slop triage, and rebuilding ecosystem norms.
Everyone has a take on Moksha's 89-vuln XAPI drop. Almost everyone misses the same thing: it wasn't one decision, it was four: go public, go Day-0, withhold patches from Citrix, lean into the "shittrix" frame. Coordinated disclosure runs on goodwill, and the goodwill runs out sometimes.
Move over #vulnpocalypse — there's a new term we need to talk about: the #slopdemic. AI didn't invent low-quality vuln reports, but it just turbocharged them, and F/OSS is drowning.
Week two of an AI-powered House Finch nest monitor: four model biases, a Wyze cam back from the dead, and a full pipeline rewrite before the eggs hatch.
