Original Reddit post

Our research team has just published this paper and I thought one of the ideas was worth discussing here. The basic argument is that the CRA was written for a world where vulnerability discovery, exploitation and patching all happen at a human pace. That’s no longer a safe assumption. The paper goes through which parts of the regulation are still solid, and which ones could come under pressure as AI agents become more capable. Would be interested to hear other perspectives, especially from people who’ve had to deal with the CRA in practice. https://arxiv.org/pdf/2607.07109 submitted by /u/Obvious-Language4462

Originally posted by u/Obvious-Language4462 on r/ArtificialInteligence