TLDR; Three posts ago I wrote baout house was on fire the most import question arises was what we should do next? The attackers already point LLMs at your code. This post is just: point the same LLMs at your own code first read the headers if you are busy. So far this series has been caffeinated me, telling everyone that the sky is falling. The 90 day window is dead.

TLDR; Score severity by collision count. Researchers ship patches not just reports. Companies redesign for a world where the exploit lands before the patch. No vendor pitch just a concrete playbook. The last post went further than I expected. NYT’s Hard Fork picked it up. The Lobsters thread had sharp questions. A few people made a fair point. “The model is broken” is a complaint not a proposal. So here is the proposal.

LLM generated code can ships demo logic with security issues not defenses. Here is a real world example and how it could be abused.