[gman2093]

Black hat hacking seems to be a well-fit use case for these LLMs. Attackers only need to be right once, so the sometimes-wrongness of the attacks might be trivial. This probably devalues stashes of zero-day exploits for those that have been witholding them.

[fwbruno]

I do not personally hoard these exploits. My personal experience has been that responsible disclosure already has little to no economic incentive. I have gone through the pain of rigorously documenting and disclosing zero-day exploits through the official channel, and the vendor categorized it as Won't Fix, Intended Behavior. I feel that AI discovery devalues these disclosures even more because these bugs can now be discovered independently before anyone can act on them.

[BLKNSLVR]

I wonder if that means we're going to see an increase in the attempted 'leveraging' of hoarded zero days lest they get publicised and patched prior to being profitable.

[t-writescode]

This stance doesn't make sense. They have the same access that the rest of the public does; and, any Red Team member is going to be doing the exact same thing.