Suto (@__suto)'s Twitter Profile
Suto

@__suto

Cybersecurity | Qrious Secure (@qriousec) & VnSecurity (@vnsec)

ID: 69788108

29-08-2009 04:25:39

336 Tweets

1.1K Followers

767 Following


The downside of quality OSS models is that "vibe hacking" campaigns will no longer be traceable. But this is just the beginning; from what we've seen, the Claude Code agent is highly capable of decompiling firmware and finding trivial 0days to exploit, like command injection,


This seems a good example showing the AI's extreme capacity for finding critical pathways to exploit a trivial command injection from an unauthenticated entry point. It is fairly trivial for Claude Code to enumerate the network for services and search the internet for source code and firmware to


This new 0day found by Google Big Sleep, if not via a fuzzing harness but purely by reasoning, would be super cool! The coincidence with Gemini 3, released today, seems pretty strong. chromereleases.googleblog.com/2025/11/stable… Reminds us of the Man Yue Mo inline cache blog and the history of this surface:


Looks like we have a "hint" (or probably confirmation) about how Big Sleep is casting its magic :) Thanks, Saelo, for the slides! powerofcommunity.net/2025/slide/s-9…


TLDR: they burned their tokens to scan 2849 contracts and found 2 low-hanging-fruit issues that went nearly extinct long ago.


We are still finding the line to draw between AI and human bug hunters across different environments, and our Agent is still pushing us very hard.