These two bits stand out to me:

> The security researchers are not special, the insight and confidentiality are

vs

> The bottleneck now is not finding potential issues but assessing which ones are real. Unless there’s already a trust relationship, external researchers can’t meaningfully contribute

My take-away from this is that the researchers were special all along and you should probably be building a trust relationship with them.

Despite what I want to believe about tech being a meritocracy, the reality is that trust plays an extremely important role and without it we risk a collapse of our open source software ecosystem.

One of my biggest criticisms of AI is the trust vacuum within which it operates