A week ago, the Copy Fail vulnerability was exposed. Hyunwoo Kim immediately realized that the official fix was insufficient and submitted a patch on the same day. In doing so, he followed standard procedures in the Linux domain—particularly within networking: notifying specific members of the Linux security engineering team about the security impact while efficiently addressing the flaw through public channels but under low visibility. His goal was to release only the raw patch, effectively "quarantining" the news of a serious vulnerability by establishing an understanding among those aware to maintain silence for several days. However, someone noticed this change, recognized its underlying security implications, and brought them into the open. Once the leak occurred, the quarantine agreement was deemed terminated, and full details of the vulnerability were disclosed. This incident highlights tensions between two distinct approaches to handling vulnerabilities and prompts reflection on how AI acceleration may reshape current practices. On one side lies the culture of "coordinated disclosure." This remains the most widely adopted method in computer security: upon discovering a vulnerability, privately notify maintainers and grant a reasonable remediation period (typically 90 days) to ensure patches are ready before public disclosure. On the other stands the "vulnerability-as-vulnerability" philosophy, particularly prevalent in the Linux community. Its core argument holds that if the kernel performs operations it should not execute, then inevitably someone can exploit it as an attack vector. Therefore, fixes must be deployed swiftly without drawing attention. Amidst vast volumes of code changes, such patches often go unnoticed, buying time for systems to apply updates. While never perfect, this approach now faces severe challenges as AI becomes increasingly adept at identifying vulnerabilities. With security fixes proliferating rapidly, reviewing commit histories has become highly attractive due to improved signal-to-noise ratios. Moreover, leveraging AI to evaluate every submission is growing both more affordable and efficient. Yet long-term information quarantines also face diminishing viability. Detection cycles used to operate slowly: reporting a vulnerability and granting vendors a 90-day window meant virtually no others would discover it during that interval. Today, however, numerous teams augmented by AI continuously scan software for flaws—a scenario no longer applicable. In this case, just nine hours after Kim reported the ESP vulnerability, Kuan-Ting Chen independently filed his own report. Quarantine strategies might even heighten risks by fostering a false sense of non-emergency status and narrowing the pool of contributors capable of aiding repairs. Although definitive conclusions remain elusive, I personally believe short-term quarantines represent a viable compromise today—and over time, these windows will need further compression. Fortunately, since AI simultaneously strengthens offensive capabilities while accelerating defensive measures, previously ineffective quarantine periods have regained feasibility despite their brevity.