Theo - t3.gg (33m)

AI Is Hacking Everything Now...

TL;DR

  • Theo says the old security playbook is broken — his core claim is that three assumptions no longer hold: only elite researchers find exploits, 90-day disclosure is enough, and turning a patch into a working exploit is hard.

  • AI has collapsed patch-to-exploit timelines from months to hours — he cites Jeff Kaufman’s writeup on the Linux “copy fail” saga, where a second party surfaced the security implications almost immediately and another independent report landed just 9 hours later.

  • Public commits are now basically exploit hints for models — in the example he quotes, Gemini 3.1 Pro, GPT-5.5 Thinking, and Claude Opus 4.7 all identified the copy fail fix as a likely security patch from the commit, with two of three still flagging it from the diff alone.

  • The blast radius goes way beyond Linux kernel bugs — Theo points to Socket finding 84 compromised TanStack packages, then another 121 compromised packages across 84 names, plus mentions GitHub RCE, curl vulns, Vercel, Canvas, and other ongoing supply-chain incidents.

  • His proposed fix is a new “trusted actors” disclosure tier — instead of maintainers learning privately while distro builders and enterprise defenders learn at the same time as attackers, he wants vetted intermediaries like Ubuntu or Red Hat maintainers to get earlier notice.

  • His personal operating model is basically ‘assume compromise, optimize for recovery’ — he’s treating all systems as already breached, focusing on ransomware resilience with offline backups, air-gapped copies, family safety words, SIM-swap protection, and fast OS patching paired with more cautious package updates.

The Breakdown

Security Armageddon, but with receipts

Theo opens in full alarm-bell mode, rattling off exploit after exploit: copy fail, copy fail 2, dirty frag, 84 compromised TanStack packages, curl bugs, and a Wiz Research RCE on GitHub that allegedly exposed millions of repos. His point is simple and angry: this isn’t random noise anymore — the pace and severity of breakage across core software feels like “the end of software as we know it” if the industry doesn’t adapt.

Copy fail as the canary in the Linux coal mine

He zooms in on copy fail, a Linux kernel bug that stays exploitable on major distros because many don’t ship kernel updates quickly enough. What makes it terrifying, in his telling, is how trivial root escalation becomes — he says even a tiny 732-byte Python payload hidden in a dependency could have been enough to own systems. The exploit itself is memory-window abuse, but the bigger story is that similar follow-ons like copy fail 2 and dirty frag appeared immediately.

The three security assumptions that just died

Theo lays out the old worldview: only highly paid experts find exploits, the 90-day CVE disclosure norm protects users, and patches don’t instantly turn into weaponized attacks. He argues AI has smashed all three. Anything that used to require deep expertise and lots of attention can now be done “in a for loop,” which he frames as the real reason this moment feels qualitatively different.

The Linux disclosure mess and the 9-hour wake-up call

Using Jeff Kaufman’s post, he explains the clash between coordinated disclosure and Linux’s “bugs are bugs” culture, where fixes often land quietly in public. In the copy fail case, Hun Wu Kim tried to fix things discreetly, but someone else inferred the security impact and publicized it, effectively ending the embargo; then another researcher independently reported the same issue 9 hours later. Theo treats that 9-hour overlap as the smoking gun that AI-assisted discovery has changed the game.

AI can read commits like exploit treasure maps

The scariest detail for him is the footnote: give the copy fail commit to Gemini 3.1 Pro, GPT-5.5 Thinking, or Claude Opus 4.7, and they can often tell it’s a security fix immediately. Even with just the diff, two of the three models still suspected a security patch. That means, in Theo’s view, anyone can spin up bots to watch Linux commits, identify juicy patches, and generate exploit paths before distros have shipped updates.

It’s not just kernels — JavaScript supply chains are getting hit too

Theo then swings to npm and cites Socket finding 84 compromised TanStack packages in an attack involving CI cache abuse, later expanding to another 121 compromised packages across 84 names. He’s visibly rattled here — “Jesus Christ. It’s over.” — and uses that reaction to make the broader point that AI lowers the skill floor for supply-chain attacks while increasing the number of people who can automate them.
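The defender-side counterpart to the compromised-package story is making sure nothing in a project’s dependency tree is fetched from somewhere unexpected or without a pinned hash. The script below is an added example, not something from the episode or from Socket: it audits an npm package-lock.json (lockfile v2/v3 layout) and flags entries resolved from a host other than the public registry, entries with no subresource-integrity hash, and any package name on a caller-supplied watchlist. The lockfile, the package names in it, and the watchlist name are all constructed for the demo.

```python
"""Audit an npm package-lock.json for supply-chain red flags.

Added example; the lockfile below is constructed inline and the package
names in it are made up. Checks performed per installed package:
  1. resolved URL points at the expected registry host
  2. an integrity hash (sha512-...) is present
  3. the package name is not on a watchlist (e.g. names from an advisory)
"""
import json
import sys
from urllib.parse import urlparse

EXPECTED_REGISTRY_HOST = "registry.npmjs.org"

# Constructed sample lockfile: one clean entry, one pulled from a mirror
# host, one with no integrity hash at all.
SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "0.0.1"},
        "node_modules/left-pad-ish": {
            "version": "1.0.0",
            "resolved": "https://registry.npmjs.org/left-pad-ish/-/left-pad-ish-1.0.0.tgz",
            "integrity": "sha512-AAAAexampleAAAA==",
        },
        "node_modules/mirror-dep": {
            "version": "2.1.0",
            "resolved": "https://mirror.example.invalid/mirror-dep-2.1.0.tgz",
            "integrity": "sha512-BBBBexampleBBBB==",
        },
        "node_modules/no-hash-dep": {
            "version": "0.3.2",
            "resolved": "https://registry.npmjs.org/no-hash-dep/-/no-hash-dep-0.3.2.tgz",
        },
    },
}


def package_name(path: str, meta: dict) -> str:
    """Derive the package name from the lock entry or its node_modules path."""
    if meta.get("name"):
        return meta["name"]
    # "node_modules/@scope/name" -> "@scope/name"; nested paths keep the last segment
    return path.rsplit("node_modules/", 1)[-1]


def audit_lockfile(lock: dict, watchlist=()) -> list:
    """Return a list of findings; an empty list means the lockfile passed."""
    findings = []
    watch = set(watchlist)
    for path, meta in lock.get("packages", {}).items():
        if path == "" or meta.get("link"):
            continue  # root project entry, or a workspace symlink (nothing fetched)
        name = package_name(path, meta)
        resolved = meta.get("resolved")
        if not resolved:
            findings.append({"package": name, "check": "missing-resolved",
                             "detail": "no resolved URL; source cannot be verified"})
        else:
            host = urlparse(resolved).hostname
            if host != EXPECTED_REGISTRY_HOST:
                findings.append({"package": name, "check": "off-registry-source",
                                 "detail": f"resolved from {host!r}"})
        integrity = meta.get("integrity", "")
        if not integrity.startswith("sha512-"):
            findings.append({"package": name, "check": "missing-integrity",
                             "detail": "no sha512 integrity hash pinned"})
        if name in watch:
            findings.append({"package": name, "check": "watchlist-hit",
                             "detail": "name appears on the supplied watchlist"})
    return findings


if __name__ == "__main__":
    # Usage: python audit_lock.py [path/to/package-lock.json]
    lock = SAMPLE_LOCK
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            lock = json.load(fh)
    # "no-hash-dep" on the watchlist is a constructed placeholder, not a real advisory
    for f in audit_lockfile(lock, watchlist=("no-hash-dep",)):
        print(f"{f['check']:22} {f['package']:20} {f['detail']}")
```

Run it in CI before `npm ci`, or as a pre-merge check on lockfile diffs; a watchlist fed from an advisory feed turns it into a cheap first tripwire for the kind of mass compromise Theo describes, without needing to trust the registry’s own signal.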

His fix: semi-private open source and a new trusted middle tier

He says the old binary of “maintainers know” versus “everyone, including North Korean hackers, knows” no longer works. His proposed answer is a vetted “trusted actors” class — distro maintainers, enterprise defenders, maybe big vendors like Microsoft — who get earlier notice and can ship mitigations before full public disclosure. He goes even further, arguing open source platforms need new granularity: public projects with temporarily private staging branches, hidden PRs, and delayed code release for sensitive patches.

Negative-one trust: how he’s changing his own behavior

Theo closes on personal operational advice that sounds half practical, half sleep-deprived: assume every system is already compromised. He’s less focused on secrecy than on preventing ransomware and destruction, so he’s doing more backups, offline backups, air-gapped copies, and even sending drives to family. He also urges people to prepare their families for deepfakes, SIM swaps, and total device failure — while updating OSes fast, being more careful with package updates, and accepting that the trust model for software has already changed.
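One concrete form of the “optimize for recovery” advice, added here as an example and not anything Theo walks through in the episode: an offline or air-gapped copy is only worth its air gap if it has been proven to restore. The script below builds a tar archive of a directory, writes a SHA-256 manifest next to it, and then verifies both the archive hash and a full restore against the source before the drive is taken offline. All paths are placeholders; the demo section runs against temporary directories it creates itself.

```bash
#!/bin/sh
# Added example (not from the podcast): back up a directory, record a checksum
# manifest, and verify the backup restores byte-for-byte before it goes offline.
# Requires GNU tar, sha256sum and diff; all directory paths are placeholders.
set -eu

# make_backup SRC_DIR DEST_DIR
#   Writes DEST_DIR/backup.tar and DEST_DIR/backup.sha256.
make_backup() {
  src="$1"; dest="$2"
  mkdir -p "$dest"
  tar -C "$src" -cf "$dest/backup.tar" .
  ( cd "$dest" && sha256sum backup.tar > backup.sha256 )
}

# verify_backup DEST_DIR SRC_DIR
#   Returns 0 only if the archive still matches its recorded hash AND a scratch
#   restore of it is identical to SRC_DIR; anything else returns 1.
verify_backup() {
  dest="$1"; src="$2"
  ( cd "$dest" && sha256sum -c --quiet backup.sha256 ) || return 1
  scratch=$(mktemp -d)
  tar -C "$scratch" -xf "$dest/backup.tar"
  if diff -r "$src" "$scratch" >/dev/null; then rc=0; else rc=1; fi
  rm -rf "$scratch"
  return "$rc"
}

# Demo against throwaway directories: a good backup verifies, a tampered one does not.
demo() {
  work=$(mktemp -d)
  mkdir -p "$work/src/docs"
  printf 'constructed sample file\n' > "$work/src/docs/notes.txt"
  make_backup "$work/src" "$work/offline-copy"
  if verify_backup "$work/offline-copy" "$work/src"; then
    echo "backup verified: safe to take offline"
  fi
  printf 'x' >> "$work/offline-copy/backup.tar"   # simulate bit rot / tampering
  if verify_backup "$work/offline-copy" "$work/src"; then
    echo "UNEXPECTED: tampered backup verified"
  else
    echo "tampered backup rejected as expected"
  fi
  rm -rf "$work"
}

[ "${1:-}" = "demo" ] && demo
```

Keep the .sha256 manifest on a separate medium from the archive (or print it) so that a ransomware actor who encrypts the backup volume cannot also rewrite the hash it is checked against; re-run verify_backup on the offline copy on a schedule, not just once at creation.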
