Hacker News | larrymcp's comments


He probably means the large German drug store chain called DM.

https://www.dm.de/


The headline was mis-typed here: you're missing the apostrophe in "driver's licenses".


I agree; I'm calling "incorrect" on this for now, pending corroborating sources. I run a few sites that don't contain a robots.txt file, and they are showing on Google just fine. I see links to the home page and several interior pages; all good.


Because you can see pages not affected doesn't guarantee they will stay that way.


Ah, I think I recall the story you're referring to: reporter Josh Renaud of the St. Louis Post-Dispatch discovered that a public web site was exposing Social Security numbers of teachers in Missouri. He notified the site's administrators, and later published a story about the leak after it was fixed.

The governor of Missouri at the time, Mike Parson, called him a hacker and advocated prosecuting him. Fortunately the prosecutor's office declined to file charges though.


Can anyone elaborate on what they're referring to here?

> GPT‑5.2-Codex has stronger cybersecurity capabilities than any model we’ve released so far. These advances can help strengthen cybersecurity at scale, but they also raise new dual-use risks that require careful deployment.

I'm curious what they mean by the dual-use risks.


"Please review this code for any security vulnerabilities" has two very different outcomes depending on if it's the maintainer or threat actor prompting the model.


“Dual-use” here usually isn’t about novel attack techniques, but about lowering the barrier to execution. The same improvements that help defenders reason about exploit chains, misconfigurations, or detection logic can also help an attacker automate reconnaissance, payload adaptation, or post-exploitation analysis. Historically, this shows up less as “new attacks” and more as speed and scale shifts. Things that required an experienced operator become accessible to a much wider audience. That’s why deployment controls, logging, and use-case constraints matter as much as the raw capability itself.


Finding/patching exploits means you also can exploit them better?


They did some interesting wordsmithing here to cover their ass without saying it directly.


What they said sounded pretty direct to me.


Probably that it's good on tasks of either color team, red or blue - and if it is, it means you can automate some... interesting workflows.


Good at finding/fixing security vulnerabilities = Good at finding/exploiting security vulnerabilities.


I think I understand where he's at. If your web site has compatibility issues with smaller browsers like Firefox at 3%, Opera at 2% etc. then you could be losing out on 5% of your sales. If you were to approach any CEO and ask if they'd be interested in an initiative to increase sales by 5%, they would most likely express an interest.


There is a good chance whoever the site didn't work for will just switch to Chrome for that site. I did that a few times.

We have "any browser above 5% market share" in deals with our clients. So FF testing is not even required.


I mean, I don't object in principle, I in general consider this to be "doing a good job" that we all strive for, but in this particular case it was a "line of business" app with like 500 users so I genuinely hadn't even considered it. We'll see if it comes up later!


> starting from ground zero

You probably mean "starting from square one" but yeah, I get you.


> I had one client spending $12,000 per month on Google Ads

In Google Ads you can just turn off the option to run your ads on non-Google sites; I think it's called their Display Network. Just run your campaign only on Google's search pages.

I'm surprised the article doesn't mention this rather common solution.


Here's an archive link: https://archive.is/w0izj

