this post was submitted on 18 May 2026
428 points (98.6% liked)

Technology

84816 readers
3910 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
428
Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’ (www.theregister.com)
submitted 2 days ago by sanitation@lemmy.radio to c/technology@lemmy.world
79 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] reksas@sopuli.xyz 17 points 1 day ago (2 children)

they should make another mailing list for ai generated reports that they totally read, and ban anyone who submits slop to the main one. not sure how feasible it is since spammers will just generate new emails, but at least they would have something clear to point out the malicious intent.

[–] Holytimes@sh.itjust.works 9 points 1 day ago (1 children)

It would likely create more work and just result in two unmanageable mailing lists. Doubling the problem.

Sounds like the perfect solution!

[–] reksas@sopuli.xyz 2 points 1 day ago* (last edited 1 day ago)

the point being the mail list for ai slop is there just so it doesnt clog the actual one and anyone who breaks that can be blacklisted as malicious actor.

[–] hamsterkill@lemmy.sdf.org 1 points 1 day ago (1 children)

The problem isn't that AI is maliciously spamming the mailing list, it's that AI is able to find and report real or potential security vulnerabilities at rates that no human organization can process fast enough. Open source browsers and Linux have been slammed lately with vulnerabilities found by Mythos.

[–] reksas@sopuli.xyz 1 points 1 day ago (1 children)

Aah.. that is indeed a problem since the threats have to be dealt with fast once they are reported since they are now basically public..

[–] fruitycoder@sh.itjust.works 1 points 17 hours ago (1 children)

If a public tool can find a CVE in minutes to hours, it doesn't matter if some of the people using signed an NDA.

All it takes is someone how isn't going to report it to also find and exploit it

So the exploitation window doesn't start when it is reported it started at when the tool could have found it

[–] reksas@sopuli.xyz 1 points 15 hours ago (1 children)

llm sure have made world more shitty place..

[–] fruitycoder@sh.itjust.works 1 points 11 hours ago

I mean the alternitive, in this case, was security through obscurity, in which these exploits existed, could be reversed for years, and no one else would know .