by fl1pper 30 days ago
Where is all of this going? Will there be dedicated servers running coding agents that iterate through codebases for each company to find vulnerabilities 24/7?
5 comments

this has been the reality for a while now

google has been running ClusterFuzz since ~2012, and naptime was announced in 2024 (https://projectzero.google/2024/06/project-naptime.html). they call it big sleep and codemender now.

openai announced aardvark last year, now they call it codex security.

More like: There will be a budget for tokens to be spent on security audits.

1000 different companies will be pitching your CTO their proprietary vulnerability scanning harness as the most cost effective.

So what already happens, but worse?
It's just another tool in the belt. Someone will say that's cheaper than rewriting in safe Rust or whatever. (Apple must have a bunch of 1980s code written to 1980s standards. But that is their moneymaker.)

Why shouldn't there be such things? We already have fuzzing, and responsible software publishers dedicate 24/7 resources to fuzzing.

Yes, this is quite similar to properly configured CI/CD pipelines, which unfortunately are still a minority across the industry.

Yes