7 min read
The 97% Number: What Happened When We Automated Security Triage
We automated security alert triage to a 97% noise-reduction rate — then a suppression rule went stale and nearly let a production vulnerability through unnoticed.
3 posts tagged with “observability”
We automated security alert triage to a 97% noise-reduction rate — then a suppression rule went stale and nearly let a production vulnerability through unnoticed.
AI slop killed curl's seven-year bug bounty program. Then AI-powered research found 170 real bugs in the same codebase. The difference was not the technology. It was the methodology. What the curl saga teaches every security team about the gap between AI noise and AI discovery.
Why “show your work” is a control surface, not a UX detail — and how evidence packets, confidence bands, and verification gates prevent the false confidence tax.