undefined | Better HN

0 pointsfl1pper6h ago0 comments

Where all of this is going? Will there be a dedicated servers running coding agents that iterate throught codebases for each company to find vulnerabilities 24/7?

0 comments

0123456789ABCDEnew7m ago

this has been the reality for while now

google has been running ClusterFuzz since ~2012, and naptime was announced in 2024 (https://projectzero.google/2024/06/project-naptime.html). they call it big sleep and codemender now.

openai announced aardvark last year, no they call it codex security.

Aurornis5h ago

More like: There will be a budget for tokens to be spent on security audits.

1000 different companies will be pitching your CTO their proprietary vulnerability scanning harness as the most cost effective.

colejohnson665h ago

So what already happens, but worse?

flomo1h ago

It's just another tool in the belt. Someone will say that's cheaper than rewriting in safe rust or whatever. (Apple must have a bunch of 1980s code written to 1980s standards. But that is their moneymaker.)

vessenes6h ago

Yes

jeffbee3h ago

Why shouldn't there be such things? We already have fuzzing, and responsible software publishers dedicate 24/7 resources to fuzzing.

j / k navigate · click thread line to collapse