Just to clarify - all the vulnerabilities were found manually by a very real human, Yarden Porat.
The writeup was mostly human-written as well, just aimed at a broader audience - which explains the verbosity. We did work with a content writer to help shape the structure and flow, and I totally get that some parts read a bit “sheeny.” Feedback noted and appreciated - and yep, there’s more coming :)
btw likely missed with the direct link - we also found pre-auth RCE in CyberArk Conjur - cyata.ai/vault-fault
Well written? AI. Poorly written? AI. Has a non sequitur? AI. No non sequiturs? AI. Includes an em-dash (added automatically by Word for almost two decades)? AI. No em-dashes? AI.
Eventually, hopefully, dang will declare "I think this was written by AI" to not be a productive topic for comments, just like commenters are already encouraged to engage with the strongest and best form of the ideas presented instead of attacking the most easily taken down strawman interpretation of them, but until then we all have to scroll through it on every post, no matter how well written it is, as yours is.
Rhetorical faults are consistently discussed when security disclosures and notifications come up. How egotistical are the finders? Does it deserve a microsite? Does it deserve a logo? Similarly, why is the vendor response so vague? Why does it seem so weasel-like? Did they lie in this one place...?
The problem with AI writing is that it doesn't have a voice, is not typically good, and interferes with the ethos and pathos the author is trying to develop. It's verbose, and typically telegraphs a lack of editing or real review.
That humans still care about these things isn't a problem for dang to sort out. It's something that authors should continue to think about carefully before putting out automatically-generated content under their name.