Hacker News new | ask | show | jobs
by sebmellen 4 days ago
Just commenting for posterity… if this is what it claims to be, I am not looking forward to how it will empower the people who submit bug bounties to us.

Historically they’ve been people from certain identifiable countries (usually developing/poorer countries) using fuzzers with low-quality results.

Now, those same people use the current-day models to good effect, but they still don’t have a true security edge and oftentimes the reports are minor or duplicative.

I wonder if that’s about to deeply change.
2 comments
arkwin 4 days ago
I've been using Opus 4.6-4.8 in both my own and others' code to look for vulnerabilities, and I've found a few. I am also in the Cyber Verification Program.

Fable 5 gives me policy violation errors at the moment. No idea when or if it will be fixed.

link
rs_rs_rs_rs_rs 4 days ago
Can you use AI to pre-triage the reports too?
link
hootz 4 days ago
AI reviewing AI submitted bug bounties. We have reached the dead bug bounty program theory.
link
rs_rs_rs_rs_rs 4 days ago
...what else can you do?
link
hootz 4 days ago
I guess either that or closing the bug bounty program, but I still believe closing it is worse than automated triage, even though both suck.
link