Security-focussed test/fix is basically “sparkling QA”
On a Firefox blog post boasting that Mythos found 270 new bugs and concluding "the defects are finite, and we are entering a world where we can finally find them all":
Mythos feels a lot like Snowden. When Snowden dropped, everyone in the game already knew it was happening — but it was the first time the collective zeitgeist had the thought, and it reshaped how people thought about a lot of things. Same with Mythos and how vulnerable we actually are.
Nine takes from my RSAC conversation with Mackenzie Jackson on Aikido's Secure Disclosure podcast — on bug bounty, AI slop, hack-back, vibe coding, and why the internet still working is a minor miracle.
We don't have a slop problem. We have an inability-to-prioritize problem. When it comes to security — and particularly vulnerability research, but really right across the board — the issue isn't that there's too much noise. It's that we can't figure out
A fun way to think about AI right now: most people are using it as if they were handed an axe for the first time and promptly used it as firewood. The real move isn't using AI to do the thing — it's using AI to build