Holy shit, the latest OpenSSL release patches 12 zero-day vulnerabilities, all of which were discovered by AI agents.
The really crazy thing is that 3 of the bugs had been present since 2000, for over a quarter century having been missed by intense machine and human effort alike. One predated OpenSSL itself, inherited from Eric Young’s original SSLeay implementation in the 1990s. All of this in a codebase that has been fuzzed for millions of CPU-hours and audited extensively for over two decades by teams including Google's.
It's pretty scary to realize that fundamental aspects of everyday internet security have been vulnerable for decades. I can only imagine that AI is going to unearth many more vulnerabilities in the coming years.
Jameson Lopp
npub17u…wt4tp
2026-03-15 12:15:18 UTC
Author Public Key
npub17u5dneh8qjp43ecfxr6u5e9sjamsmxyuekrg2nlxrrk6nj9rsyrqywt4tpPublished at
2026-03-15 12:15:18 UTCEvent JSON
{
"id": "8cdc5bd2100caa701741437cdfde1df05fdfd2b7808cea441567dd7c07f905d6",
"pubkey": "f728d9e6e7048358e70930f5ca64b097770d989ccd86854fe618eda9c8a38106",
"created_at": 1773576918,
"kind": 1,
"tags": [
[
"alt",
"A short note: Holy shit, the latest OpenSSL release patches 12 z..."
]
],
"content": "Holy shit, the latest OpenSSL release patches 12 zero-day vulnerabilities, all of which were discovered by AI agents.\n\nThe really crazy thing is that 3 of the bugs had been present since 2000, for over a quarter century having been missed by intense machine and human effort alike. One predated OpenSSL itself, inherited from Eric Young’s original SSLeay implementation in the 1990s. All of this in a codebase that has been fuzzed for millions of CPU-hours and audited extensively for over two decades by teams including Google's.\n\nIt's pretty scary to realize that fundamental aspects of everyday internet security have been vulnerable for decades. I can only imagine that AI is going to unearth many more vulnerabilities in the coming years.",
"sig": "c11123a7517688915ff2219b383f6631b2f95ce519dc245d2d597ac6bbbe54c2554501c8ae2e2b42620dc4e6b9d42f644e158c13fd78e9cfb680c1016f4cb78e"
}