AI found 12 of 12 OpenSSL zero-days (www.lesswrong.com)

AISLE has announced a groundbreaking achievement in cybersecurity by identifying 12 previously unknown zero-day vulnerabilities in OpenSSL, one of the most critical cryptographic libraries that secures a significant portion of internet traffic. This revelation is significant as it marks a historic milestone in AI-driven cybersecurity, demonstrating that machine learning can effectively discover and document high-severity vulnerabilities in heavily scrutinized software. This feat underscores the potential of AI to transform vulnerability assessment from a niche expertise into a systematic, industrial process, thus enhancing cybersecurity in critical infrastructure. The vulnerabilities uncovered by AISLE span across various subsystems of OpenSSL, including TLS and cryptographic protocols, with implications such as heap overflows and type confusions, some dating back decades. Notably, this achievement illustrates a paradox within the AI landscape: while a surge of AI-generated noise has flooded other bug bounty programs, leading to some cancellations—like curl's—AISLE's AI system has distinctly raised the bar for quality vulnerability discovery. This dual phenomenon suggests that, while AI may complicate the cybersecurity landscape with false positives, it also provides valuable contributions that could redefine norms in the industry.