惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google Online Security Blog
Google Online Security Blog
S
Security @ Cisco Blogs
Recent Commits to openclaw:main
Recent Commits to openclaw:main
人人都是产品经理
人人都是产品经理
The Hacker News
The Hacker News
W
WeLiveSecurity
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The Cloudflare Blog
博客园 - 司徒正美
雷峰网
雷峰网
L
LINUX DO - 最新话题
博客园 - 叶小钗
云风的 BLOG
云风的 BLOG
The Last Watchdog
The Last Watchdog
V2EX - 技术
V2EX - 技术
S
Security Affairs
有赞技术团队
有赞技术团队
月光博客
月光博客
T
Threatpost
T
Tor Project blog
O
OpenAI News
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
V
V2EX
Know Your Adversary
Know Your Adversary
Project Zero
Project Zero
博客园 - 三生石上(FineUI控件)
D
Docker
AWS News Blog
AWS News Blog
AI
AI
P
Proofpoint News Feed
K
Kaspersky official blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
D
Darknet – Hacking Tools, Hacker News & Cyber Security
www.infosecurity-magazine.com
www.infosecurity-magazine.com
S
Securelist
F
Fortinet All Blogs
F
Full Disclosure
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
量子位
Hacker News - Newest:
Hacker News - Newest: "LLM"
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
P
Palo Alto Networks Blog
Cyberwarzone
Cyberwarzone
Cisco Talos Blog
Cisco Talos Blog
美团技术团队
N
News | PayPal Newsroom
T
The Blog of Author Tim Ferriss
MyScale Blog
MyScale Blog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Beautifully Broken: AI Is Not Creating the Vulnerability Crisis. It Is Collecting the Tax.
Mr. 0x1 · 2026-05-04 · via DEV Community

Our tests were green. That was the first lie.

The dashboard glowed. The pull request passed. The build moved through the pipeline and into production. We treated this as proof. It was not proof. It was a ceremony — the institutional gesture that told everyone standing near the machine that we had done the responsible thing.

A coverage report can tell you that a line of code was executed. It cannot tell you that a lie was cornered there. Google's own guidance on code coverage makes this explicit: coverage is a lossy, indirect metric, and high percentages can manufacture a false sense of security. Mutation-testing tools say the same thing with sharper words. PIT and Stryker both make the same point: code execution is not fault detection. Those are two different activities. We conflated them for years because green was cheaper than correct.

This is the quiet problem that AI is now making loud. Software did not become fragile when large language models arrived. It was already fragile. The assumption debt had been accumulating since the first green build badge was treated as a guarantee. AI has not invented the crisis. It has sent the collector to the door.


The performance of testing

A unit test is a question. The question you remembered to ask. The question you phrased in terms that matched your understanding of the code at the moment you wrote it. It checks what you expected, in the order you expected, using the data you happened to think of at the time.

That is useful. It is not sufficient.

The mutation-testing community has been making this argument since at least the early 2000s, and the tools that implement it are now mature enough that this is no longer a theoretical objection. PIT, the Java mutation-testing framework, introduces small deliberate faults into your code — a changed conditional, a removed return value, a flipped sign — and then checks whether your test suite catches them. If your tests pass despite the mutation, the tests were not testing what you thought they were testing. They were confirming that the code ran, not that the code was correct.

Stryker makes the same argument for JavaScript. The pattern is universal: we measure whether code was touched, then we mistake touching for proving.

The coverage dashboard is the most trusted liar in the modern software organization. It tells you precisely how much of the code was executed and says nothing about whether any of it was challenged. A team with 92% coverage and a mutation score of 30% — the share of injected mutants the test suite actually caught — has spent enormous energy producing a story that will not survive contact with a real failure. A team with 60% coverage and a mutation score of 70% has a smaller story, but a more honest one.

I have watched immaculate test suites miss absurd defects because the suite was proving the story we wanted, not the behavior we shipped. The dashboard told us we were safe. We believed it. We were wrong to believe it.


The assumption stack

Software is not one assumption. It is an assumption stack.

You assume the function means what its name suggests. You assume the assertion in the test actually fails on wrong input. You assume the framework does not swallow the edge case silently. You assume the retry loop does not create a duplicate record. You assume the deployment flag applies to all instances. You assume the dead code path is actually dead. You assume the operator knows the blast radius of the tool they are about to run.

Each layer is plausible. Each layer is usually correct. Together they form a structure that stands until one of them fails — and then the failure does not announce which brick moved first.

This is how old bugs survive in mature software. They are not hidden by malice or incompetence. They are hidden by normality. Heartbleed sat in OpenSSL for two years. The function trusted the peer-supplied length field. That assumption was written into code by a human, reviewed by humans, and passed through test suites used by a vast ecosystem of security-aware developers. It was normal right up until it was not.

Log4Shell was not a new category of attack. It was a decades-old pattern — treat logged text as executable JNDI lookup material — that had been normalized until it looked like a feature. The convenience was too useful to question. The assumption became invisible.

Knight Capital lost $440 million in 45 minutes not because its engineers were reckless but because the assumption stack included a dead code path, a reused deployment flag, an incomplete rollout, and a missing final review gate. Each assumption was individually plausible. Together they were catastrophic. The SEC order on the incident is worth reading not as a horror story but as a map: here is what it looks like when layers of reasonable assumptions fail in sequence.

The stack does not announce itself. That is what makes it dangerous.


AI as tax collector

When Google's AI-assisted fuzzing work reported 26 new vulnerabilities, including a flaw in the OpenSSL project that Google says was likely present for roughly two decades, this was not a story about what AI invented. It was a story about what already existed. The code was not born guilty on the morning of the report. It had been carrying the vulnerability for 20 years through routine audits, security reviews, and continuous fuzzing by human engineers. AI found the witness and took the statement.

OSS-Fuzz had already been making this argument at scale. The project says it has helped identify and fix more than 13,000 vulnerabilities and 50,000 bugs across mature, heavily tested open-source software. These are not new categories of failure. They are old failures that better instrumentation finally reached.

Project Zero's Big Sleep extended the principle from fuzzing to agentic vulnerability research. The system found a real, exploitable stack buffer underflow in SQLite before release — not in some obscure codebase but in software that ships inside virtually every application on earth. The flaw was not AI-generated. It was SQLite-generated. AI shortened the interval between "the assumption exists" and "someone notices."

That is the real change. The old comfort — a flaw nobody found does not really count — is now expensive. If an agent can find it by Tuesday, it was costing money on Monday.

The AI layer also introduces its own new tax. LLM systems do not only expose old code assumptions; they introduce new trust-boundary assumptions that live in prompts and system instructions rather than in C or Java. OWASP places prompt injection at the top of its LLM risk list. Meta's CyberSecEval 2 found that prompt injection attacks succeeded between 26% and 47% of the time across tested models. Microsoft's Skeleton Key demonstrated that a multi-turn attack could walk a model through its own guardrails. OpenAI's current guidance draws the correct conclusion: the defense is not detecting every attack, but building systems where the impact of a successful attack is bounded even when detection fails.

This is not a prompt-writing problem. It is an adversarial systems problem. The assumption that the system prompt was a control plane is the new version of the assumption that peer-supplied length fields were trustworthy. Different decade. Same bill.


Deeper testing layers

The way out is not more tests. It is better instruments of disbelief.

Mutation testing is the first upgrade. It does not check whether your code ran. It checks whether your tests would notice if the code were subtly wrong. Run PIT or Stryker. Read the surviving mutants. They will tell you exactly which assumptions your suite was politely refusing to examine. If a mutant that removes a null check survives your test suite, your test suite does not know the null check exists. This is the discovery, and it is uncomfortable every time.

Deterministic simulation testing goes further and colder. FoundationDB built its entire testing strategy around simulation because the engineers understood that distributed systems fail in ways no example-based test can reach. Clocks lie. Thread interleavings are not uniform. Disks fail mid-write. Retries arrive out of order. Their simulator could control all of these variables, inject arbitrary faults, and replay any sequence that produced a failure. Backed by roughly a trillion CPU-hours of simulation, the result was a database that could survive failures most databases could not even detect. Antithesis generalizes the lesson to any software: if you can control clocks, fault schedules, and seeded randomness, you can replay the crime scene instead of filing a complaint about it. Turmoil brings the same discipline to Rust-based distributed systems. The thesis is uniform: testing that cannot distinguish between the universe cooperating and the universe refusing to cooperate will miss the important bugs.

Chaos engineering makes the discipline operational. The original Netflix work was not theater. It was the discipline of defining steady state, forming a hypothesis about system behavior under turbulence, and then disturbing steady state to test the hypothesis. That is a scientific posture, not an operational stunt. Build systems you expect to disprove. The assumption stack is not proven safe by surviving ten thousand normal requests. It is tested by controlled experiments designed to attack its weakest points.

Adversarial AI testing is the newest layer and the least mature. PyRIT from Microsoft, Prompt Shields, GPTFuzzer-style research harnesses, and benchmark suites like CyberSecEval are the current instruments. The practice is still taking shape. But the intellectual move is identical to what mutation testing makes at the code layer: do not check whether the model handles your expected inputs. Check whether it handles adversarial inputs designed to make it fail in the ways that hurt most. Prompt injection, indirect injection through retrieved documents, unsafe tool use, context-window manipulation — these are active techniques with documented success rates. Test them before your adversaries do.

Truth layers — the layers where the system's story becomes harder to fake: instruction flow, kernel events, packet movement — sit beneath all of this as diagnostic infrastructure. When the abstraction lies — when the log says one thing and the behavior is another — go lower. Intel Processor Trace provides instruction-level control flow with limited execution overhead. Linux kernel tracing exposes scheduler decisions, syscalls, and hardware events. Packet capture gives you the network record: whether the request was sent, when the response arrived, what happened in the gap. These are not test strategies. They are evidence sources. When an incident cannot be explained from the application layer, descend. The machine keeps a harder record than the code.

flowchart TD
    A[Green dashboard / passing tests] --> B[Confidence proxy treated as proof]
    B --> C[Assumption stack accumulates]
    C --> C1[Application logic layer]
    C --> C2[Framework and runtime layer]
    C --> C3[Concurrency and clock layer]
    C --> C4[Kernel, network, and operator layer]
    C1 & C2 & C3 & C4 --> D[Latent defect]
    D --> E[Traditional testing misses path]
    E --> F{Better instrument}
    F --> F1[Mutation testing]
    F --> F2[DST / simulation]
    F --> F3[Chaos engineering]
    F --> F4[AI fuzzing / adversarial testing]
    F --> F5[Truth-layer tracing]
    F1 & F2 & F3 & F4 & F5 --> G[Exposure]
    G --> H[CVE · outage · exploit · data loss]
    H --> I[The tax is paid]

Enter fullscreen mode Exit fullscreen mode


What must change

Code is cheaper now. Generation is abundant. The scarce thing is not syntax but contradiction.

The valuable engineer in this environment is not the one who produces ten thousand lines by noon. It is the one who builds a harness, a fault schedule, a property check, a mutation suite, a simulation environment, or an adversarial prompt set that forces those lines to confess what they are.

Spend less time admiring how fast the machine produces answers. Spend more time building systems that punish your assumptions for being wrong.

The tax was always owed. AI has merely made the collector more efficient.


The assumption stack is not new. The audit is.


References

  • Google Testing Blog: Code Coverage Best Practices — coverage as a metric that measures execution, not correctness
  • PIT Mutation Testing — fault detection vs. execution
  • Stryker Mutator — mutation testing for JS/TS/C#
  • OSS-Fuzz — 13,000+ vulnerabilities, 50,000+ bugs
  • Google Security Blog: AI-assisted fuzzing and CVE-2024-9143 in OpenSSL
  • Project Zero: Big Sleep — SQLite vulnerability found pre-release
  • Principles of Chaos Engineering
  • FoundationDB: Testing Distributed Systems
  • Antithesis — deterministic simulation platform
  • Turmoil — Rust distributed systems simulation
  • OWASP Top 10 for LLM Applications — prompt injection at #1
  • Meta: CyberSecEval 2 — prompt injection success rates
  • Microsoft: Skeleton Key and Prompt Shields
  • OpenAI: Prompt injection defense guidance
  • SEC Order: Knight Capital Group (2013)
  • Apache: Log4j security page / Log4Shell
  • OpenSSL: Heartbleed advisory
  • AWS: S3 service disruption postmortem (2017)
  • Intel: Processor Trace documentation
  • Linux kernel: Tracing documentation