[demorro]

Completely normal and expected.

People thinking that this isn't the case everywhere need a reality check. Most software is riddled with obvious security issues. If we can remediate them with AI, great, but don't be thinking that this is something that we could only have dealt with with AI. Enough attention and prioritization of these issues would also have sorted it.

Ask yourself if we weren't currently in an era of AI-focus and AI was just another boring tool, if we would be bothering to do this sort of thing. Loads of us still aren't bothering with basic static analysis.

[unshavedyak]

Heck, unless AI gets absurdly cheap - i feel like even this will be temporary. To your point, we don't do that now because it's not fun and no one broadly finances this sort of thing. However AI costs money, so why are we spending it now? I imagine it's just a temporary spend to explore the space, show what models are capable of, further embed usage of AI for future rugpulls, etcetc.

Point is unless it eventually becomes cheap enough that we all have this at home and can run SOTA analysis ourselves, this too will pass. I imagine it will get cheap enough fwiw, but.. yea.

[demorro]

Aye. The "use boring tech" advice isn't just about technical stability. You need to guard yourself against eventual boredom and ecosystem decay. Hype and enthusiasm can mask how likely these systems we put in place are to actually be maintained or used in the long term.

I'm sure that doesn't matter much to big tech folks seeking to fill that promotion packet though, or to executives seeking to demonstrate the overwhelming utility of this new income stream.

[prerok]

Presumably now we also have exploits written by AI, so I guess security has to be one-upped now?

Not that I expect companies to be more proactive now. I have been disillusioned of that long ago. With AI they could be at least a little bit more proactive, which I guess is a great selling point of AI to corporate.