Holy shit, the latest OpenSSL release patches 12 zero-day vulnerabilities, all of which were discovered by AI agents.
The really crazy thing is that 3 of the bugs had been present since 2000, for over a quarter century having been missed by intense machine and human effort alike. One predated OpenSSL itself, inherited from Eric Young’s original SSLeay implementation in the 1990s. All of this in a codebase that has been fuzzed for millions of CPU-hours and audited extensively for over two decades by teams including Google's.
It's pretty scary to realize that fundamental aspects of everyday internet security have been vulnerable for decades. I can only imagine that AI is going to unearth many more vulnerabilities in the coming years.
The really crazy thing is that 3 of the bugs had been present since 2000, for over a quarter century having been missed by intense machine and human effort alike. One predated OpenSSL itself, inherited from Eric Young’s original SSLeay implementation in the 1990s. All of this in a codebase that has been fuzzed for millions of CPU-hours and audited extensively for over two decades by teams including Google's.
It's pretty scary to realize that fundamental aspects of everyday internet security have been vulnerable for decades. I can only imagine that AI is going to unearth many more vulnerabilities in the coming years.
2934❤️65🤙12👀9❤️5👍2👏1
