Comment by sebmellen
6 days ago
Just commenting for posterity… if this is what it claims to be, I am not looking forward to how it will empower the people who submit bug bounties to us.
Historically they’ve been people from certain identifiable countries (usually developing/poorer countries) using fuzzers with low-quality results.
Now, those same people use the current-day models to good effect, but they still don’t have a true security edge and oftentimes the reports are minor or duplicative.
I wonder if that’s about to deeply change.
I've been using Opus 4.6-4.8 in both my own and others' code to look for vulnerabilities, and I've found a few. I am also in the Cyber Verification Program.
Fable 5 gives me policy violation errors at the moment. No idea when or if it will be fixed.
Can you use AI to pre-triage the reports too?
AI reviewing AI submitted bug bounties. We have reached the dead bug bounty program theory.
...what else can you do?
1 reply →