I have no doubt that it’s a PR stunt not releasing this amazing thing that’s so incredible they can’t even show you! Their last code leak and showed brittle memory issues, AI generated functions with incredibly inefficient functions that appear to be designed to inflate API calls.
Open AI also immediately had a press release about another super secret project that they can’t show you that they also somehow released 6 months ago. The one that was already released is also too dangerous to be released!
PR stunt after PR stunt. Just trying to drum up more investors.
To be fair, such bugs can easily be worth quite a bit more. If it can indeed automate finding RCEs and similar for everyone with a few $10k, then that’s suddenly way more accessible than paying a guy in a basement somewhere a million in shitcoins for that RCE.
Maybe. But I am talking about both above the table and more shady government programs. Ever wonder where the guys at Pegasus and friends get their exploits from? They aren’t all super great hackers, they buy a lot of stuff, or so I heard. After all, for someone without money, it is a hard decision to be paid a year’s wages right now or to go the responsible disclosure route, and potentially get nothing.
And iirc the advertised price for juicy bugs in common platforms and apps was quite substantial. So, according to demand and supply, the price for such exploits was rather high, and is now significantly lower.
I have no doubt that it’s a PR stunt not releasing this amazing thing that’s so incredible they can’t even show you! Their last code leak and showed brittle memory issues, AI generated functions with incredibly inefficient functions that appear to be designed to inflate API calls.
Open AI also immediately had a press release about another super secret project that they can’t show you that they also somehow released 6 months ago. The one that was already released is also too dangerous to be released!
PR stunt after PR stunt. Just trying to drum up more investors.
https://www.sabrina.dev/p/claude-code-source-leak-analysis
Not to mention the Mythos red team report claims, even at the currently subsidized inference prices, it cost over $20,000 to find that OpenBSD bug
To be fair, such bugs can easily be worth quite a bit more. If it can indeed automate finding RCEs and similar for everyone with a few $10k, then that’s suddenly way more accessible than paying a guy in a basement somewhere a million in shitcoins for that RCE.
Or more likely, bounty programs will be shut down because of dealing with AI slop flooding their systems.
https://www.theregister.com/2026/01/21/curl_ends_bug_bounty/
Maybe. But I am talking about both above the table and more shady government programs. Ever wonder where the guys at Pegasus and friends get their exploits from? They aren’t all super great hackers, they buy a lot of stuff, or so I heard. After all, for someone without money, it is a hard decision to be paid a year’s wages right now or to go the responsible disclosure route, and potentially get nothing.
And iirc the advertised price for juicy bugs in common platforms and apps was quite substantial. So, according to demand and supply, the price for such exploits was rather high, and is now significantly lower.