quotingHoly shit, the latest OpenSSL release patches 12 zero-day vulnerabilities, all of which were discovered by AI agents.
nevent1q…cr3y
The really crazy thing is that 3 of the bugs had been present since 2000, for over a quarter century having been missed by intense machine and human effort alike. One predated OpenSSL itself, inherited from Eric Young’s original SSLeay implementation in the 1990s. All of this in a codebase that has been fuzzed for millions of CPU-hours and audited extensively for over two decades by teams including Google's.
It's pretty scary to realize that fundamental aspects of everyday internet security have been vulnerable for decades. I can only imagine that AI is going to unearth many more vulnerabilities in the coming years.
waxwing on Nostr: an interesting point about this: there's a reason bitcoin devs tried quite ...
an interesting point about this: there's a reason bitcoin devs tried quite strenuously, and eventually succeeded several years ago, in removing all openssl dependency from the bitcoin project. it's the nature of some of the truly awful protocols (ASN1 , X509 and etc etc) that openssl had to, or chose to support. so yes a very natural and correct reaction is "holy shit what happens when people find similar bugs in the consensus layer of bitcoin" but it's also true that it's a very controlled and very stress-tested surface area that removed stuff that was problematic. It's also true that even 1 small bug could be catastrophic. I guess we'll see!