I like the idea of having a software supply chain that people can pay into that basically funds a universal bug bounty system for anything that matters.
You can put systems in place that utilize zero-knowledge exploitability proofs to automate bounty triage, so it doesn't even need to be run by a central trusted entity. As the bounty markets stabilize, what you're left with is a software ecosystem where anyone can build what they need and directly query the estimated cost of attack from point A to point B on any set of capabilities, and any security claim ("Your emails are safe with Microsoft", etc.) can actually be economically quantified. Hosting providers can use their subscription income to pay into the bounty funds of the parts of the supply chain they rely on, thus making their services more attractive to users (and bug hunters).
On the other side of this, you now have a world of vuln researchers and their pet LLMs grinding and searching away for unexplored attack paths they can cash in on. Of course these bounty systems can also work for optimization bounties for people making code faster, or feature bounties. Some kid somewhere has an idea for a feature in some piece of software that they're using, so they post about it, and a few thousand people chip in, and when the bounty becomes appetizing enough, someone's AI pet grabs it, and they get paid, and within minutes the update is deployed into the ecosystem.
Then, on everyone's device, depending on their risk tolerance and their use case, the AI can decide if this new update is supported enough by the ecosystem yet to apply. Maybe we don't apply it now, but maybe in 30 mins if no one has found anything weird in it. This is the dream, right? A fully automated, self-improving, self-healing software ecosystem where researchers can get paid without even needing to talk to anyone :-D
- DEAN