BotBeat
...
← Back

> ▌

AISLEAISLE
RESEARCHAISLE2026-02-27

AI System Discovers All 12 Zero-Day Vulnerabilities in Latest OpenSSL Security Release

Key Takeaways

  • ▸AISLE's AI system discovered all 12 zero-day vulnerabilities in OpenSSL's latest security release, a historically unusual count for the heavily audited cryptographic library
  • ▸One discovered vulnerability (CVE-2025-9230) had existed undetected since 2009, demonstrating AI's ability to find long-hidden security flaws
  • ▸The achievement highlights a growing divide in AI security contributions: sophisticated systems finding genuine vulnerabilities while low-quality AI spam forces programs like curl to cancel bug bounties
Source:
Hacker Newshttps://www.lesswrong.com/posts/7aJwgbMEiKq5egQbd/ai-found-12-of-12-openssl-zero-days-while-curl-cancelled-its↗

Summary

AISLE, an AI cybersecurity startup, announced that its automated AI system discovered all 12 zero-day vulnerabilities disclosed in OpenSSL's latest security release. OpenSSL, which encrypts an estimated two-thirds of the world's internet traffic, is among the most scrutinized cryptographic libraries globally, making this achievement a significant milestone in AI-driven security research. The company, operating under the pseudonym 'Giant Anteater' in bug bounty programs, previously found 3 of 4 OpenSSL CVEs in fall 2025, including a bug that had remained undetected for over 15 years since 2009.

The vulnerabilities discovered span various severity levels and include out-of-bounds memory issues, timing side-channels, and parsing errors that could potentially lead to memory corruption or private key recovery. AISLE's system represents what the company calls an effort to transform elite security research from an 'artisanal hacker craft into a repeatable industrial process,' with the stated goal of securing software infrastructure before more advanced AI systems become ubiquitous.

This development comes amid a polarizing moment for AI in cybersecurity: while AISLE demonstrates AI's potential to find critical security flaws, the curl project recently cancelled its bug bounty program due to overwhelming AI-generated spam submissions, despite AISLE having reported 5 genuine CVEs to them. The company notes this dichotomy reflects AI 'simultaneously collapsing the median (slop) and raising the ceiling (real zero-days in critical infrastructure).' The achievement was recognized by the independent 'Frontier of the Year 2025' forecasting project, which ranked AI-driven vulnerability discovery in critical infrastructure as the #3 AI breakthrough of 2025 by expected impact.

  • OpenSSL encrypts approximately two-thirds of global internet traffic, making these discoveries critical for worldwide internet security infrastructure

Editorial Opinion

This represents a watershed moment for AI in cybersecurity—not just because of the technical achievement, but because it demonstrates AI can now outperform traditional security auditing at scale on the internet's most critical infrastructure. The irony that curl cancelled its bug bounty amid AI spam while AISLE found genuine vulnerabilities underscores a broader pattern: AI is creating a barbell distribution of security research quality. The real question now is how quickly this technology proliferates and whether defensive AI discovery can stay ahead of offensive capabilities.

AI AgentsMachine LearningCybersecurityStartups & FundingAI Safety & Alignment

More from AISLE

AISLEAISLE
RESEARCH

AISLE Matches Anthropic's Mythos on FreeBSD Zero-Days with Three Critical Discoveries

2026-05-06
AISLEAISLE
RESEARCH

AISLE AI Discovers 38 Critical Vulnerabilities in OpenEMR, Most-Widely Used Open-Source EHR Platform

2026-04-28
AISLEAISLE
RESEARCH

AISLE's AI System Discovers 20 of 23 Recent OpenSSL Zero-Days

2026-04-24

Comments

Suggested

MicrosoftMicrosoft
RESEARCH

Microsoft's Leaked 'Aion' Project Reveals Vision for Copilot-First Operating System

2026-07-04
Google / AlphabetGoogle / Alphabet
RESEARCH

Stanford Researchers Use Multi-Agent AI and Reinforcement Learning to Improve HIP Kernel Generation for AMD GPUs

2026-07-04
LLM Agent EcosystemLLM Agent Ecosystem
RESEARCH

Researchers Expose Critical Payload-Less Attack on LLM Agent Supply Chains

2026-07-04
← Back to news
© 2026 BotBeat
AboutPrivacy PolicyTerms of ServiceContact Us