AI Didn't Break Vulnerability Disclosure. It Exposed What Was Already Broken.
There's a sentence I keep coming back to from a conversation Josh Bressers and I had recently on Open Source Security: we'd already gotten pretty bad at the intake side of vulnerability disclosure — and then we multiplied the discovery and fix sides by ten. That's the real story. AI isn't the problem. AI is the X-ray that finally let us see the problem we'd been ignoring for a decade.
The episode was billed as a conversation about open-source security. We got there. We also wandered, fast, into AI, bug bounty economics, the unevenly distributed change in how we treat hackers, the CVE program's collision with reality, and the long-tail supply-chain debt that 2026 is heir to. Open source is the through-line because open source is where most of those forces meet, but the conversation was never going to stay narrow. Honest billing up front.
A few threads from the conversation I want to defend in print.
The Stenberg reversal is the canary. Daniel Stenberg famously quit the curl bug bounty on HackerOne in 2025 over AI slop reports, and he's recently softened his position — Josh was right to call that out. The part of the story that's getting less air time is why. Two things changed at once. LLMs got materially better at vulnerability discovery, especially with source code in the loop — most dramatically in the last six months, steadily for two or three years before that. And Daniel, by removing the cash incentive, changed his own signal-to-noise floor. The people who show up to a paid program optimize for the payout; the people who show up when there's no money attached are showing up for a different reason. We talked about the five Ps of hacker motivation that I Am The Cavalry put on the wall years ago — prestige, profit, protest, patriotism, and puzzling. Drop profit out of the mix and you don't lose all your signal. You lose a specific kind of noise.
The internet is built on a taller pile of turtles than it was in 2006. Josh drew the analogy to the early-fuzzing era — the moment when researchers started fuzzing everything and overwhelmed every vendor at once, and the moment that ultimately gave us ASLR, stack canaries, and most of the memory-safety hardening we now take for granted. The shape is rhyming. But the substrate underneath is bigger. npm install one package, get 7,000. Patch curl — and curl is in everything. Every product downstream has to regression-test the fix against the functionality they shipped. Meanwhile the attacker doesn't need to find the vulnerability anymore; they diff the patch. That asymmetry is what makes this rougher than fuzzing was. The shape rhymes. The blast radius does not.
The 99.9% problem. Most of open source is not the Linux kernel, not Kubernetes, not Apache. Most of open source is one person who works on a project one Sunday a quarter, has a job, has a family, and cannot be paid to make it better because they don't have the hours. The cleanest read of the XKCD "Nebraska" comic is the wrong one. It's not one block. It's a thousand blocks, stacked, each one a different random person. The institutions that should understand this — Linux Foundation, OpenSSF, CVE — mostly don't. Their mental model of open source is the funded, well-staffed end of the long tail, not the long tail itself. That mismatch is going to keep biting, hard, for years.
Don't wait for the cavalry — go build something. This is the part I'm most convicted about. The CVE program is under stress at a scale most people don't see. The vulnerability-management institutions are working as hard as they can, and they're behind. The safe assumption is that the cavalry is not coming on the timeline you need it on. The good news is that there has never been an easier or cheaper moment for someone with deep domain experience at the coalface to prototype a solution. The bar to building tooling has collapsed. If you've been carrying an idea around about how this should actually work — the triage layer, the maintainer-friendly intake, the signal-from-noise classifier, the etiquette gradient for first-time researchers — now is the moment. Go build it. We're going to need it.
A few weeks on, the news made the case for me. Two things landed in the same week. curl shipped version 8.21.0 carrying eighteen CVEs in a single release, with Stenberg noting the "security report volume has been intense lately." That's the discovery-and-fix multiplier in one changelog. And the Linux Foundation launched Akrites, a shared incident-response team for critical open source, on the explicit premise that finding a serious bug "used to take an expert weeks" and "now takes a machine minutes" — and that maintainers deserve "a coordinated partnership," not a flood of uncoordinated reports. Read one way, that's the cavalry I just told you not to wait for. Read the way I actually mean it: it's an institution finally naming the problem out loud — necessary, and nowhere near sufficient. Akrites is pointed at the critical projects. The 99.9% are still on their own.
The arc of the whole conversation, taken from a step back: the dog caught the car. The disclosure conversation is finally happening in public, on a scale we couldn't get traction on for twenty years. That's a real win and I won't pretend it isn't. But "happening in public" and "going well" are not the same thing, and the next few years are going to be rocky as the institutions, the economics, and the tools all catch up to each other. The people I'm betting on through that are the ones Josh and I ended on — the ones, as I put it, who are irrationally pissed off about problems they think they can solve. Those are the people who built the internet the first time. They're the ones who'll patch what's still standing.
Watch the full conversation here: https://www.youtube.com/watch?v=jc220dPkHq0