|
|
Log in / Subscribe / Register

What about the price?

What about the price?

Posted Apr 24, 2026 12:29 UTC (Fri) by jmalcolm (subscriber, #8876)
In reply to: What about the price? by anselm
Parent article: Firefox: The zero-days are numbered

> how many false positives the model produces

That is not how this is going to work.

1 - Identify a candidate vulnerability
2 - Verify the vulnerability
3 - Exploit the vulnerability

A CVE requires all three and the AI can do all three. But at a minimum, we would expect the first two.

We do not care about all the "potential vulnerabilities" the system may uncover. We only want to know about the ones that have been confirmed NOT to be false positives. Verification is much easier than identification. There is absolutely no reason to have an AI doing identification and then pushing the work of verification on to us.

to post comments

What about the price?

Posted May 13, 2026 7:51 UTC (Wed) by daenzer (subscriber, #7050) [Link]

> 1 - Identify a candidate vulnerability
> 2 - Verify the vulnerability
> 3 - Exploit the vulnerability

There are false positives at all 3 steps, so your point remains unclear.

> There is absolutely no reason to have an AI doing identification and then pushing the work of verification on to us.

There's no substitute for human verification.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds