Four coordinated-disclosure vulnerabilities in Siemens SICAM S8000, fixed in V26.20 and published as SSA-229470 — debug code shipped to production, an insecure-by-default OPC UA server, a broken RBAC boundary, and a container model with the isolation removed.
Two coordinated-disclosure vulnerabilities in OpENer, a widely embedded EtherNet/IP stack — a stack-based overflow and an accepted truncated write — and the two silences it took a public forcing function to break.
The 2024 Linux kernel CNA created downstream consequences nobody fully anticipated — NVD enrichment strain, distribution-CNA friction, and an AI-assisted report flood. On May 15, 2026, the kernel community shipped its first comprehensive synthesized response. A reading of the new docs from the perspective of an AI-assisted researcher who shipped a patch into the same window.
A practitioner's field report comparing Codex CLI and Claude Code for vulnerability research. Claude Code excels at architecture and ideation, but Codex delivers more disciplined, trustworthy findings during active testing — with fewer false positives and less researcher time wasted on invalidation.
I spent a month auditing 9 AI agent frameworks using consistency analysis. 18 advisories filed across familiar bug classes — SSRF, auth gaps, path traversal — all rooted in the same pattern: abstractions constrain, but engines accept.