LeftenantZero

This is the blog post that goes with the github repo -- it adds a bit of color to the results: https://t.co/Pv2cK6HwWb The FP problem is very real. There's also a consistency problem run over run that's in my opinion as serious as the FP issue. The harness is everything right now when it comes to actually using LLMs for vuln detection.

Long term , I think the current AI-powered vulnerability glut eventually turns into an AI-powered vulnerability drought. Historical stuff gets mined out and better code analysis tools reduce new easily-detectable bugs, even as code volume continues to increase. If you can use AI to find it after it's shipped, you can use AI to find it before it's shipped.

Critical security findings are only really stories because of how high friction disclosure and remediation is. In a world where finding leads to a lightning fast patch and low effort, safe upgrade, vulns become non-stories, unless they're particularly technically interesting or something.

Yeah, I think we'll look back at the last few months as the time when everyone simultaneously figured out how to apply ai to vuln research at scale. We need a solution for remediation that can keep up... without getting everyone owned with malicious packages. Disclosure process needs to be accelerated as well IMO.

Here's a cool trick for y'all looking to create new Nuclei templates for exploitable CVEs! Using CVEmap you can get a list of CVEs with public proofs of concept, that have been marked as exploitable by CISA, are remotely exploitable AND don't have a Nuclei template (yet)! Flags: -k / -kev: Marked as exploitable vulnerabilities by CISA -t=false / -template=false: Has no public Nuclei templates -poc: Has public published POC -re / -remote: is remotely exploitable Good luck! 🤞 #nuclei #hacking #pentesting #bugbounty #CVEmap

🚨Alert🚨 CVE-2026-32604(CVSS 10.0) &CVE-2026-32613(CVSS 10.0): The RCE Flaws Threatening Spinnaker Pipelines. 🧐Detail :https://t.co/hrTmgcY4pf 📊 2.2K Services are found on the https://t.co/g3tSyh13yE yearly. 🔗Hunter Link:https://t.co/mfU9A6tPJv 👇Query HUNTER : https://t.co/yFFcJwdIUc="Spinnaker" 📰Refer:https://t.co/GnZ3242iQn https://t.co/HgEMnOd2EK https://t.co/sHM5n3q4Vy #hunterhow #infosec #infosecurity #OSINT #Vulnerability