Comment by TacticalCoder

6 days ago

> I suspect it's not very significant: we're flushing a 20+ year backlog, and generally the rate at which vulnerabilities are created is lower today.

The thing is: if these new AI tools can find a backlog of old bugs, these tools can very obviously be used on code that hasn't been pushed yet. And they'll find potential bugs there too. And so the rate at which new vulns are created is soon going to be even much, much, much lower.

Now of course I'm talking about serious projects like the Linux kernel in TFA: real stuff that powers the real world. If we're talking about OpenClaw who decided to launch a startup based on a "Write me a clone of MySpace but with a Web design from the 2020s" prompt, then all bets are off.

The nice thing with using AI tools to find bugs is that there's not much ambiguity: a bug, if proven to be a bug, has to be squashed. It doesn't matter how it was found: even the AI doubters can accept there's a bug and that something has to be done about it.

Using AI tools to fix bugs in the Linux kernel is IMO much more impressive than "Write me the 10 000th MySpace clone but using a Web design from the 2020s".