It probably already does! But you still have to benchmark it, support it, and tell your users to use it. If not, it is probably a 10-minute job to make it work with Fil-C. And unlike standard hardening, Fil-C can actually protect users from these AI-augmented exploits. 🔚

/HT @dinodaizovi

This means we are still at the beginning of the wave of AI-augmented exploitation of 0-days/n-days. It's going to get worse before it gets better. ⤵️

I would like to urge all software maintainers to try another actionable step, right now: go test if your software works with Fil-C! https://fil-c.org/ ⤵️

(For the context on why I say that high degree of non-overlap implies the existence of a lot more exploitable vulns, read Dan Geer's simple explanation of how you count frogs in a pond: https://x.com/dinodaizovi/status/2043317679017124181) ⤵️

The paper examines the actionable step of "Turn on ASLR and suchlike standard hardenings". It helps! Go do this now. But it does not help enough to protect users at scale during this wave. ⤵️

@zooko Hey this is ridiculously good! Basically, fil-c won't compile if there are memory safety issues?

Is it a more or less foolproof test for memory safety problems?

Neat!