That still seems a little hyperbolic, but I see your point.

Using your analogy, this is more like telling someone there’s an unlocked door and asking them to find it on their own using blueprints.

Not a prefect analogy, but they didn’t tell the AI where the vulnerability was in the code. They just gave it the CVE description (which is intentionally vague) and a set of patches from that time period that included a lot of irrelevant changes.

Or you play a cat-and-mouse game with the authorities in that country as they try to block access to your servers. Depending on your moral values this might be preferable to blindly following the laws of authoritarian regimes.

It’s really the country you’re based in that matters the most.

Who would they sell it to?