[Linkpost] “AISLE discovered three new OpenSSL vulnerabilities” by Jan_Kulveit

Update: 2025-10-30
Description

This is a link post.

The company post is linked; it seems like an update on where we are with automated cybersec.

So far in 2025, only four security vulnerabilities received CVE identifiers in OpenSSL, the cryptographic library that secures the majority of internet traffic. AISLE's autonomous system discovered three of them. (CVE-2025-9230, CVE-2025-9231, and CVE-2025-9232)

Some quick thoughts:

  • OpenSSL is one of the most human-security-audited pieces of open-source code ever, so discovering 3 new vulnerabilities is impressive
  • Obviously, vulnerability discovery is a somewhat symmetric capability, so this also gives us some estimate of the offense side
  • This provides concrete evidence for the huge pool of bugs that are findable and exploitable even by current-level AI - this is something everyone sane believed existed, in my impression
  • On the other hand, it does not neatly support the story where it's easy for rogue AIs to hack anything. The AISLE system was also able to fix the bugs; hopefully systems like this will be deployed, and it seems likely the defense side will start with a large advantage in compute
  • It's plausible that the "programs are proofs" limit is defense-dominated. On the other hand, actual programs are leaky [...]

---


First published: October 30th, 2025

Source: https://www.lesswrong.com/posts/F5QAGP5bYrMMjQ5Ab/aisle-discovered-three-new-openssl-vulnerabilities-1

Linkpost URL: https://aisle.com/blog/aisle-discovers-three-of-the-four-openssl-vulnerabilities-of-2025


---


Narrated by TYPE III AUDIO.
