It does make me scared for what other dangers lurk since this was a really bad one and it was so little work to find.

Also of note: so many security issues lately have been done using AI. This report makes me think two things:

1. Expertise is still immensely valuable, the more niche, the more valuable.

2. There are lots of niches still where AI doesn't dominate...

```

does this look right to you? don't do any searches or check memory, just think through first principles

static int vpu_mmap(struct file fp, struct vm_area_struct vm) { unsigned long pfn; struct vpu_core core = container_of(fp->f_inode->i_cdev, struct vpu_core, cdev); vm_flags_set(vm, VM_IO | VM_DONTEXPAND | VM_DONTDUMP); / This is a CSRs mapping, use pgprot_device */ vm->vm_page_prot = pgprot_device(vm->vm_page_prot); pfn = core->paddr >> PAGE_SHIFT; return remap_pfn_range(vm, vm->vm_start, pfn, vm->vm_end-vm->vm_start, vm->vm_page_prot) ? -EAGAIN : 0; }

```

And it correctly identified the issue at hand, without web searches. I'd love to try something more comprehensive, e.g. shoving whole chunks of the codebase into the prompt instead of just the specific function, but it seems the latent ability to catch security exploits is there.

So then.... I wonder how this got out in the first place. I know I'm using a toy example but would love to learn more!

This makes me feel better about Google, but also makes me kind of frightened of the rest of Android. I wonder what Apple's response time is?

Feels like there’s something new every other day - linux, windows, mobile, various commonplace tools used by everybody, the list goes on