oss-sec Debates Coordinated Disclosure for LLM Findings

The oss-sec mailing list hosted an extended thread about coordinated disclosure in the context of large language model (LLM) discovery. Jeremy Stanley opened the discussion on April 28, 2026, describing what he called a "seemingly unending deluge" of vulnerability reports produced with LLMs and asking whether traditional embargo handling remains viable, per the oss-sec archive. Greg Dahlman posted on April 28, 2026 that many model providers follow what he described as a "common dark pattern" of implicitly opting non-enterprise users into data collection, and he recommended a "maximum acceptable embargo period" of 14 days, citing model-training timelines in his message to oss-sec. Dahlman also quoted Cursor's security documentation about agent/file access in his post, as captured in the mailing-list thread. On May 20, 2026 an author using the handle ROI AI posted that making discovered issues public "is absurd and just exacerbates the asymmetry problem," and argued maintainers should keep reports private and consider bundling issues into one CVE, per the oss-sec archive. Alan Coopersmith wrote that other maintainers, including those for the Linux kernel and several DNS server projects, are experiencing similar report volumes, also recorded in oss-sec.

LLMs change the economics of discovery by lowering search and pattern-matching costs for both researchers and adversaries. Industry-pattern observations note that even short public disclosures can accelerate reuse and parallel rediscovery when provider training pipelines ingest prompts or outputs, and that this effect interacts with the differing costs of local vs. provider-based discovery (for example, running Qwen3.6-35B-A3B locally versus high token costs on a hosted API). Posts in the thread specifically surface three technical vectors: model-assisted scanning that increases report volume, the use of agentic pipelines to triage or reproduce reports, and provider policies around data retention and training that affect disclosure risk.

The oss-sec discussion reflects a broader operational tension between rapid public disclosure and defender workflows in an era where models can propagate signals quickly. Observers tracking similar conversations across open-source projects report maintainers are already adjusting triage practices and advisory processes as report volumes rise. The thread consolidates several practical pain points: embargo lengths relative to model-training windows, whether maintainers can safely use LLM assistance while preserving secrecy, and how to treat duplicates in high-volume streams.

For practitioners: Watch for vendor and provider statements or documentation clarifying whether prompts, completions, or derived artifacts are ingested into training corpora and on what timeline. Monitor whether major projects or distributions publish updated coordinated-disclosure guidance that references model-assisted discovery, and whether vulnerability-numbering authorities adopt new practices for bundling or classifying LLM-originated reports. Also track maintainer discussions on concrete triage changes, such as adjusted embargo defaults, increased private-reporting channels, or automated deduplication heuristics for high-volume inputs.