Also, prompt your way to MoTaCon 🖖

Matthias writes about design and engineering as one, (it's a great read) and how in 1898, Frederick Winslow Taylor's answer to inefficiency was to separate the work that people did. Those who did t...

Vulnpocalypse the moment when language models can find zero-days and write working exploits faster than we can patch them.

Vulnpocalypse. We use it to describe the inflection point where LLMs are able to discover zero day vulnerabilities, and create zero day exploits, faster than we can patch.

An active and high-severity, real-world attack that deploys a zero-day exploit against targets before a patch is available. Because no fix exists, standard defences such as software updates offer no protection. Zero-day attacks are particularly dangerous in critical infrastructure, government systems, and enterprise environments. State-sponsored actors using the browser exploit to silently install surveillance software on journalists' devices, undetected, and with no defence available to victims, constitutes a zero-day attack.

Code or a technique that weaponises a zero-day vulnerability which turns a theoretical flaw into a working attack. Exploits may be developed by security researchers, government agencies, or criminal groups, and can be sold or traded on grey and black markets for significant sums. A piece of malware that takes advantage of the unpatched browser bug, silently executing code when a user visits a page, is a zero-day exploit.

Zero days is a colloquial term for the window of time between when a software vulnerability is first discovered and when a patch is issued, during which defenders have had zero days to respond. The phrase is used loosely to refer to the category of threats, exploits, and attacks that exploit previously unknown flaws. Often used as shorthand: "The breach used a zero day" means the attacker leveraged an unknown, unpatched flaw.