It is also a testament to solid engineering and attention to good security practices in general. These still work, also against fancy new AI attackers.
When sophisticated attacks become cheaper to run, maybe it will (finally) be cheaper to do more solid engineering instead of doing it quick and dirty and ending up in indefinite bug-squashing mode.
If your operating system only does 20% of what another operating system can do, it's easier for you to have 80% less bugs.
That's not a knock, it's a design philosophy of OpenBSD (which is to do the minimal needed, and no more, in the most simplistic way).
For example you can imagine my dissapointment when I descovered what a pain in the ass it is to get a pflow producer working on linux after doing the first one on openbsd.
But real defenses are generally multi-layered. And in that context, a Swiss cheese slice with only one hole is still extremely valuable.
yes, most company settings don't run untrusted code, and OpenBSD is mostly used for servers not employee devices
but that doesn't mean LPEs aren't quite relevant, because they matter for pretty much everyone if combined with other vulnerabilities, like RCE, supply chain attack etc.
and while RCE are becoming less common, supply chain attacks have been increasingly more common
Hard to know how much has been thrown into this but I would bet a lot.
So far I have been very surprised we haven't been flooded by those type of announcements. If you look you will always find something and OpenBSD is the top price.