"This is true by definition as the QuickJS vulnerability was previously unknown until I found it (or, more correctly: my Opus 4.5 vulnerability discovery agent found it)."
Makes little difference, whoever or whatever finds the initial exploit will also do the busywork of working around mitigations. (Techniques to work around mitigations are initially not busywork, but as soon as somehow has found a working principle, it seems to me that it becomes busywork)
https://github.com/nobodyisnobody/docs/blob/main/code.execut...
Original publication in 2017:
https://m101.github.io/binholic/2017/05/20/notes-on-abusing-...