Everything is pwn’d now
TL;DR
Theo says the old security model is dead — the assumptions that only elite researchers find exploits, 90-day disclosure is enough, and turning patches into exploits is hard have all collapsed under AI-assisted vulnerability discovery.
Copyfail is his emblem for the crisis — a Linux kernel bug affecting major distros enabled trivial root escalation via as little as 732 bytes of Python, and follow-on variants like Copyfail 2 and Dirty Frag showed how quickly one bug class spawns more.
Patch-to-exploit has become machine-speed — citing Jeff Kaufman’s writeup, Theo highlights that Gemini 3.1 Pro, GPT-5.5 Thinking, and Claude Opus 4.7 could infer security significance from the Copyfail fix, meaning bots can now watch public diffs and tee up attacks in hours.
Disclosure norms are failing both maintainers and users — in Linux, distro maintainers like Ubuntu or Mint often aren’t included in private disclosure, so they can learn about critical fixes effectively alongside attackers even though users depend on them for patches.
This is broader than Linux: supply-chain attacks are piling up — Theo points to Socket’s discovery that 84 TanStack npm packages were compromised, plus another 121 packages across 84 names, as evidence that CI, npm, and web app ecosystems are all under pressure.
His practical advice is brutally simple: assume compromise and optimize for recovery — he recommends treating systems as already breached, prioritizing offline and air-gapped backups, patching OSes quickly, being more cautious with package updates, and even setting family safe words against AI scams.
Summary
Security Armageddon, Delivered Rapid-Fire
Theo opens with a wall of recent disasters — Copyfail, Dirty Frag, a curl bug, GitHub RCE via a single git push, and compromised TanStack packages — to make one point: this isn’t a normal bad week. He says he warned about a security “Armageddon,” but even he didn’t expect it to get this brutal this fast.
Copyfail and Why 732 Bytes Matters
He zooms in on Copyfail as the nightmare example: a broadly relevant Linux kernel bug that can lead to trivial root escalation, even from a tiny Python payload. The detail that sticks is his warning that “732 bytes” hidden in a popular Python library could have pwned huge numbers of machines, especially because distros often lag kernel updates.
The Three Security Truths That No Longer Hold
Theo lays out the old model software relied on: only well-paid experts could find exploits, 90-day disclosure gave enough time, and patch-to-exploit was hard. His core argument is that AI blows up all three, because anything that once required careful human attention can now be run “in a for loop” if you have enough tokens.
Jeff Kaufman’s Copyfail Story Changes the Stakes
Using Kaufman’s writeup, Theo explains how Copyfail 2 surfaced when someone noticed a fix and inferred its security impact, effectively ending the embargo. The part that freaks him out most: a second party independently reported the same major exploit just 9 hours later, which he treats as evidence that the timeline has collapsed from months to hours.
A Bot Can Read Your Commits Now
Then comes the footnote that really sets him off: Kaufman tested Gemini 3.1 Pro, GPT-5.5 Thinking, and Claude Opus 4.7 on the Copyfail fix, and all three recognized the full commit as security-relevant. Theo’s conclusion is blunt — if models can flag likely security patches from diffs, they can be wired into bots that monitor Linux commits and start generating exploit paths immediately.
Linux Distros, npm, and the Expanding Blast Radius
He argues distro maintainers are stuck in an absurd position because they’re responsible for shipping safety to users without necessarily being in the disclosure loop. Then he broadens out to JavaScript: Socket found 84 compromised TanStack packages, later expanding that to another 121 packages across 84 names, which Theo uses as proof that AI-fueled supply-chain automation is hitting every ecosystem at once.
His Big Fix: Trusted Actors and Semi-Private Open Source
Theo’s most controversial proposal is a new disclosure tier between maintainers and the general public: “trusted actors” who are verified and can get advance warning. From there he goes further, arguing open source may need staging branches, delayed code visibility, or private security rollouts — essentially a more granular GitHub where patches can ship before every exploit clue is public.
Negative-One Trust: How He’s Living Now
On the personal side, Theo says he’s moved past trying to prevent leaks and is now focused on surviving ransomware and destructive loss. That means assuming compromise, doing offline backups, considering extra Synology or air-gapped storage, being careful with tools like npx, helping family set up safe words and document backups, and patching core systems fast even while being wary of package-level supply-chain poison.
Was This Useful?
Share
Keep Reading
Make Alcreon Yours
Tune your feedFive quick questions, and the feed ranks what matters to you first.Or just get notified
The weekly Echo. Signal worth keeping in your inbox.
Every new piece, announced on X.
Read Next
See all
Playbook
The Retirement Email Isn't a Warning
Model retirements now arrive every few weeks; the config-eval-rehearsal loop turns each deprecation email from a fire drill into an afternoon swap.

Playbook
The Cheapest Model That Passes
OpenRouter lists 400 models behind one API. The fix for choosing isn't a better leaderboard, it's a four-step protocol that ends in a real eval.

Playbook
Cheap Models, Hard Tasks
Most agent workflows route every step to the frontier model by default. The bill scales with how chatty the agent gets, even when most steps don't need that brain.