[firesteelrain]

Question was about high licensing fees and which tools I was referring to

I’m not claiming Defensics or OpenText DAST tools are magical “find all kernel vulns” buttons

My point is more that mature fuzzing ecosystems already existed before the recent AI-driven approaches. Protocol fuzzers, syscall fuzzers, coverage-guided fuzzers, sanitizers, dynamic analysis, etc. have all historically found serious kernel bugs

[tptacek]

We might just be talking past each other. My question, from upthread, is this: the heyday of AFL was over a decade ago. Every major platform company fuzzes at a scale that I think is difficult for lay practitioners to get their heads around. They contract, quarterly, soup-to-nuts assessments from competing software security companies, who get full source access and are measured against each other by the quality of their findings. They run bounty programs specifically to direct public researcher attention to these exact findings.

Why didn't "mature fuzzing ecosystems" find the vulnerabilities AI is now finding? It's a pretty big gap in the "fuzzing tools already do this" logic!

[firesteelrain]

> Why didn't "mature fuzzing ecosystems" find the vulnerabilities AI is now finding? It's a pretty big gap in the "fuzzing tools already do this" logic!

Because they simply aren’t ran. That’s my entire argument

[tptacek]

You're wrong about that.

[firesteelrain]

How? If the tools were ran the same findings may have occurred.

[tptacek]

No, the point is they are very different tools that produce very different outcomes. Your syllogism doesn't work.

[firesteelrain]

Claude et al have “skills” that are basically containers of tools. It’s not a huge leap to say that similar tools are in use within these containers or even same. We don’t know.