The article argues that the traditional 90-day vulnerability disclosure policy is obsolete in the age of AI, as large language models have dramatically accelerated both bug discovery and exploit development. The author provides firsthand evidence showing how multiple researchers now independently find the same critical vulnerabilities within weeks, and calls for treating all critical security issues as P0 priorities requiring immediate patching.
Background
The 90-day disclosure policy, popularized by Google's Project Zero, has been an industry standard for responsible vulnerability disclosure, giving vendors time to develop patches before public disclosure.
- Source: Lobsters
- Published: May 11, 2026 at 02:06 AM
- Score: 8.0 / 10