We don't have a slop problem. We have an inability-to-prioritize problem.
When it comes to security — and particularly vulnerability research, but really right across the board — the issue isn't that there's too much noise. It's that we can't figure out what matters.
Part of the reason? I don't know if you've noticed, but if you look around... it's all basically slop at this point.
Nine takes from my RSAC conversation with Mackenzie Jackson on Aikido's Secure Disclosure podcast — on bug bounty, AI slop, hack-back, vibe coding, and why the internet still working is a minor miracle.
A fun way to think about AI right now: most people are using it as if they were handed an axe for the first time and promptly used it as firewood. The real move isn't using AI to do the thing — it's using AI to build
Why AI is widening the attacker-defender gap faster than anything we've built to close it — and what that actually means for the next decade of security.
As AI accelerates the offense-defense asymmetry, bug bounties and vulnerability disclosure remain essential. Casey Ellis on the future of bug bounties, the evolving threat landscape, and how disclose.io and the SRLDF protect the researchers keeping us safe.
