AISLE's AI System Discovers 20 of 23 Recent OpenSSL Zero-Days
Key Takeaways
- ▸AISLE's autonomous AI system discovered 20 of 23 recent zero-days in OpenSSL across three consecutive releases (September 2025, January 2026, April 2026)
- ▸One vulnerability (CVE-2026-28386) was independently discovered by both AISLE and Anthropic's Mythos, with AISLE reporting first and providing the accepted fix
- ▸Approximately 50% of AISLE's discoveries included AI-authored fixes that were accepted into OpenSSL's official codebase
Summary
AISLE's autonomous AI system has discovered 20 of 23 recent zero-day vulnerabilities in OpenSSL across three consecutive security releases spanning six months. Beginning with three CVEs in September 2025, AISLE identified twelve vulnerabilities in January 2026, and five of seven CVEs in the April 2026 advisory. Notably, approximately half of AISLE's findings included AI-authored fixes that were accepted directly into OpenSSL's codebase, demonstrating the system's ability to not only identify vulnerabilities but provide production-ready solutions.
A particularly significant finding is CVE-2026-28386, an out-of-bounds read in AES-CFB-128 on x86-64 systems with AVX-512 support. AISLE discovered this vulnerability on January 6, 2026, and developed the fix that OpenSSL adopted. Remarkably, Anthropic's Mythos AI system independently discovered the identical vulnerability 63 days later on March 10, marking the first time the two advanced AI systems converged on the same zero-day—a milestone that underscores the maturity of AI-assisted security research.
The pattern across these three releases demonstrates that AI vulnerability discovery has transitioned from theoretical capability to operational reality. Several vulnerabilities dated back decades, with some in the codebase for 25+ years, indicating AISLE's system can identify flaws that human auditors and traditional tooling have consistently missed. This achievement in one of the most heavily audited and critical codebases in existence signals a fundamental shift in how cybersecurity resilience is achieved.
- Several vulnerabilities remained undetected for 25+ years despite extensive human auditing, demonstrating AI's unique capability to find critical flaws in heavily reviewed infrastructure
Editorial Opinion
AISLE's consistent track record of discovering zero-days in OpenSSL represents a watershed moment in AI-assisted cybersecurity. The independent convergence with Anthropic's Mythos on the same vulnerability suggests that advanced AI systems have achieved sufficient sophistication to reliably identify security flaws that span decades of human oversight. This capability is likely to reshape organizational approaches to vulnerability discovery, audit methodology, and the role of AI in maintaining critical infrastructure security.
