Vulnerability Research Is Cooked — Quarrelsome

AI coding agents are on the verge of fundamentally disrupting vulnerability research. Anthropic's Frontier Red Team demonstrated that a trivial bash script looping Claude Code prompts over source files can generate hundreds of validated high-severity vulnerabilities with near-100% exploitability confirmation. This shifts exploit development from a scarce, elite human skill to a commodity available to anyone. The implications are severe: unglamorous but critical targets like routers, printers, hospital systems, and IoT devices — historically protected by the scarcity of elite attention — will now face automated, comprehensive zero-day discovery. Layered defenses like sandboxes and memory-safe languages buy time but won't hold indefinitely as agents learn to chain full exploits. The author also warns that incoming AI regulation, driven by ransomware headlines, risks imposing asymmetric costs on defenders while leaving open-weight models unaffected. Most human vulnerability research — which relies on determination, luck, and pattern-matching rather than novel science — is likely to be supplanted by agents within the near future.