Sign up to save your podcasts
Or
Share [Linkpost] “AISLE discovered three new OpenSSL vulnerabilities” by Jan_Kulveit
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
[Linkpost] “AISLE discovered three new OpenSSL vulnerabilities” by Jan_Kulveit
This is a link post.
The company post is linked; it seems like an update on where we are with automated cybersec.
So far in 2025, only four security vulnerabilities received CVE identifiers in OpenSSL, the cryptographic library that secures the majority of internet traffic. AISLE's autonomous system discovered three of them. (CVE-2025-9230, CVE-2025-9231, and CVE-2025-9232)
Some quick thoughts:
- OpenSSL is one of the most human-security-audited pieces of open-source code ever, so discovering 3 new vulnerabilities is impressive
- Obviously, vulnerability discovery is a somewhat symmetric capability, so this also gives us some estimate of the offense side
- This provides concrete evidence for the huge pool of bugs that are findable and exploitable even by current level AI - this is something everyone sane believed existed in my impression
- On the other hand, it does not neatly support the story where it's easy for rogue AIs to hack anything. The AISLE system was also able to fix the bugs, hopefully systems like this will be deployed, and it seems likely the defense side will start with large advantage of compute
- It's plausible that the "programs are proofs" limit is defense-dominated. On the other hand, actual programs are leaky [...]
---
First published:
October 30th, 2025
Source:
https://www.lesswrong.com/posts/F5QAGP5bYrMMjQ5Ab/aisle-discovered-three-new-openssl-vulnerabilities-1
Linkpost URL:
https://aisle.com/blog/aisle-discovers-three-of-the-four-openssl-vulnerabilities-of-2025
---
Narrated by TYPE III AUDIO.
View all episodes
By LessWrongThis is a link post.
The company post is linked; it seems like an update on where we are with automated cybersec.
So far in 2025, only four security vulnerabilities received CVE identifiers in OpenSSL, the cryptographic library that secures the majority of internet traffic. AISLE's autonomous system discovered three of them. (CVE-2025-9230, CVE-2025-9231, and CVE-2025-9232)
Some quick thoughts:
- OpenSSL is one of the most human-security-audited pieces of open-source code ever, so discovering 3 new vulnerabilities is impressive
- Obviously, vulnerability discovery is a somewhat symmetric capability, so this also gives us some estimate of the offense side
- This provides concrete evidence for the huge pool of bugs that are findable and exploitable even by current level AI - this is something everyone sane believed existed in my impression
- On the other hand, it does not neatly support the story where it's easy for rogue AIs to hack anything. The AISLE system was also able to fix the bugs, hopefully systems like this will be deployed, and it seems likely the defense side will start with large advantage of compute
- It's plausible that the "programs are proofs" limit is defense-dominated. On the other hand, actual programs are leaky [...]
---
First published:
October 30th, 2025
Source:
https://www.lesswrong.com/posts/F5QAGP5bYrMMjQ5Ab/aisle-discovered-three-new-openssl-vulnerabilities-1
Linkpost URL:
https://aisle.com/blog/aisle-discovers-three-of-the-four-openssl-vulnerabilities-of-2025
---
Narrated by TYPE III AUDIO.
More shows like LessWrong (30+ Karma)
View all
The Daily
112,214 Listeners
Astral Codex Ten Podcast
131 Listeners
Interesting Times with Ross Douthat
7,239 Listeners
Dwarkesh Podcast
559 Listeners
The Ezra Klein Show
16,276 Listeners
AI Article Readings
4 Listeners
Doom Debates!
14 Listeners
LessWrong posts by zvi
2 Listeners