three AI reads at a time

supply-chain-security

2 items

blog.himanshuanand.com 2026-05-11-3

The 90 Day Disclosure Policy Is Dead

Coordinated disclosure was an information-containment regime, and containment fails when discovery diffuses. Eleven independent researchers landed the same critical bug in six weeks; Copy Fail took roughly an hour of AI-assisted scanning to find; Dirty Frag's embargo collapsed within hours via unrelated rediscovery, with Microsoft Defender confirming in-the-wild exploitation a day later. The offense side has integrated LLMs into exploit pipelines. The defense and policy layer largely has not, and that asymmetry is the actual risk — CVE feeds are now lagging artifacts, and patch-diff intelligence is the signal that matters.

# tags
ai-securityai-cybersecurityresponsible-disclosurevulnerability-managementagentic-ai-viabilityai-1.0-defensibilitypilot-to-scaleevalrigai-governancesupply-chain-securitywhitespace-adjacent
◆ entities
Project ZeroLinux kernelCopy FailDirty FragXint CodeTheoriMicrosoft DefenderHackerOneBugcrowdSnykWizClaude MythosProject GlasswingEU CRA
→ threads
ai-securityai-cybersecurity
⟷ links
2026-03-08-22026-03-11-12026-03-24-22026-04-14-12026-04-17-w22026-04-01-32026-04-11-12026-04-25-32026-04-27-32026-05-05-32026-05-08-22026-05-10-12026-05-09-32026-05-10-2
permalink
VentureBeat 2026-04-01-1

Claude Code Source Leak: The Blueprint That Isn't

VentureBeat calls the Claude Code npm source map leak a "$2.5 billion boost in collective intelligence." It isn't — but not for the reason most takes suggest. Raschka's practitioner analysis of the same codebase identified six architectural patterns (LSP integration, structured session memory, context bloat management, forked subagents) that constitute genuine systems engineering. The orchestration layer is the product; what leaked proves it's replicable engineering, not proprietary magic. What competitors still can't extract: the RLHF data, the model-harness co-optimization, and the commercial velocity that ships a product with a 30% internal false claims rate and still dominates revenue. The moat isn't architecture or distribution alone; it's the iteration speed between them.

# tags
ai-defensibilityagentic-aideveloper-toolssupply-chain-security
◆ entities
AnthropicClaude CodeCapybaraKAIROSnpm
→ threads
agentic-ai-viabilityai-1.0-defensibilitysupply-chain-security
⟷ links
2026-03-09-32026-03-09-12026-03-22-22026-03-08-22026-03-13-22026-03-18-32026-03-22-12026-03-09-22026-03-13-12026-03-29-1
permalink