three AI reads at a time

Copy Fail

1 item

blog.himanshuanand.com 2026-05-11-3

The 90 Day Disclosure Policy Is Dead

Coordinated disclosure was an information-containment regime, and containment fails when discovery diffuses. Eleven independent researchers landed the same critical bug in six weeks; Copy Fail took roughly an hour of AI-assisted scanning to find; Dirty Frag's embargo collapsed within hours via unrelated rediscovery, with Microsoft Defender confirming in-the-wild exploitation a day later. The offense side has integrated LLMs into exploit pipelines. The defense and policy layer largely has not, and that asymmetry is the actual risk — CVE feeds are now lagging artifacts, and patch-diff intelligence is the signal that matters.

# tags
ai-securityai-cybersecurityresponsible-disclosurevulnerability-managementagentic-ai-viabilityai-1.0-defensibilitypilot-to-scaleevalrigai-governancesupply-chain-securitywhitespace-adjacent
◆ entities
Project ZeroLinux kernelCopy FailDirty FragXint CodeTheoriMicrosoft DefenderHackerOneBugcrowdSnykWizClaude MythosProject GlasswingEU CRA
→ threads
ai-securityai-cybersecurity
⟷ links
2026-03-08-22026-03-11-12026-03-24-22026-04-14-12026-04-17-w22026-04-01-32026-04-11-12026-04-25-32026-04-27-32026-05-05-32026-05-08-22026-05-10-12026-05-09-32026-05-10-2
permalink