{"id":1380,"date":"2026-02-18T12:04:18","date_gmt":"2026-02-18T12:04:18","guid":{"rendered":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/"},"modified":"2026-02-18T12:04:18","modified_gmt":"2026-02-18T12:04:18","slug":"ai-found-twelve-new-vulnerabilities-in-openssl","status":"publish","type":"post","link":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/","title":{"rendered":"AI Found Twelve New Vulnerabilities in OpenSSL"},"content":{"rendered":"<div>\n<p>The title of the post is\u201d<a href=\"https:\/\/aisle.com\/blog\/what-ai-security-research-looks-like-when-it-works\">What AI Security Research Looks Like When It Works<\/a>,\u201d and I agree:<\/p>\n<blockquote>\n<p>In the latest <a href=\"https:\/\/openssl-library.org\/news\/vulnerabilities\/\">OpenSSL security release&gt;<\/a> on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure) were announced. Our AI system is responsible for the original discovery of all twelve, each found and responsibly disclosed to the OpenSSL team during the fall and winter of 2025. Of those, 10 were assigned CVE-2025 identifiers and 2 received CVE-2026 identifiers. Adding the 10 to the three we already found in the <a href=\"https:\/\/aisle.com\/blog\/aisle-discovers-three-of-the-four-openssl-vulnerabilities-of-2025\">Fall 2025 release<\/a>, AISLE is credited for surfacing 13 of 14 OpenSSL CVEs assigned in 2025, and 15 total across both releases. This is a historically unusual concentration for any single research team, let alone an AI-driven one.<\/p>\n<p>These weren\u2019t trivial findings either. They included <a href=\"https:\/\/aisle.com\/blog\/openssl-stack-overflow-cve-2025-15467-deep-dive\">CVE-2025-15467<\/a>, a stack buffer overflow in CMS message parsing that\u2019s potentially remotely exploitable without valid key material, and exploits for which have been quickly developed online. OpenSSL rated it HIGH severity; <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-15467\">NIST<\/a>\u2018s CVSS v3 score is 9.8 out of 10 (CRITICAL, an extremely rare severity rating for such projects). Three of the bugs had been present since 1998-2000, for over a quarter century having been missed by intense machine and human effort alike. One predated OpenSSL itself, inherited from Eric Young\u2019s original SSLeay implementation in the 1990s. All of this in a codebase that has been fuzzed for millions of CPU-hours and audited extensively for over two decades by teams including Google\u2019s.<\/p>\n<p>In five of the twelve cases, our AI system directly proposed the patches that were accepted into the official release.<\/p>\n<\/blockquote>\n<p>AI vulnerability finding is changing cybersecurity, faster than expected. This capability will be used by both offense and defense.<\/p>\n<p><a href=\"https:\/\/www.lesswrong.com\/posts\/7aJwgbMEiKq5egQbd\/ai-found-12-of-12-openssl-zero-days-while-curl-cancelled-its\">More<\/a>.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The title of the post is\u201dWhat AI Security Research Looks Like When It Works,\u201d and I agree: In the latest OpenSSL security release&gt; on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure) were announced. Our AI system is responsible for the original discovery of all twelve, each [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[4,90,459,680,53,242,602],"tags":[91],"class_list":["post-1380","post","type-post","status-publish","format-standard","hentry","category-ai","category-cybersecurity","category-patching","category-ssl","category-uncategorized","category-vulnerabilities","category-zero-day","tag-cybersecurity"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>AI Found Twelve New Vulnerabilities in OpenSSL - Imperative Business Ventures Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"AI Found Twelve New Vulnerabilities in OpenSSL - Imperative Business Ventures Limited\" \/>\n<meta property=\"og:description\" content=\"The title of the post is\u201dWhat AI Security Research Looks Like When It Works,\u201d and I agree: In the latest OpenSSL security release&gt; on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure) were announced. Our AI system is responsible for the original discovery of all twelve, each [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/\" \/>\n<meta property=\"og:site_name\" content=\"Imperative Business Ventures Limited\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-18T12:04:18+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"headline\":\"AI Found Twelve New Vulnerabilities in OpenSSL\",\"datePublished\":\"2026-02-18T12:04:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/\"},\"wordCount\":292,\"keywords\":[\"Cybersecurity\"],\"articleSection\":{\"0\":\"AI\",\"1\":\"Cybersecurity\",\"2\":\"patching\",\"3\":\"SSL\",\"5\":\"Vulnerabilities\",\"6\":\"zero-day\"},\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/\",\"url\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/\",\"name\":\"AI Found Twelve New Vulnerabilities in OpenSSL - Imperative Business Ventures Limited\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/#website\"},\"datePublished\":\"2026-02-18T12:04:18+00:00\",\"author\":{\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.ibvl.in\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AI Found Twelve New Vulnerabilities in OpenSSL\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.ibvl.in\/#website\",\"url\":\"https:\/\/blog.ibvl.in\/\",\"name\":\"Imperative Business Ventures Limited\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.ibvl.in\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/blog.ibvl.in\"],\"url\":\"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"AI Found Twelve New Vulnerabilities in OpenSSL - Imperative Business Ventures Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/","og_locale":"en_US","og_type":"article","og_title":"AI Found Twelve New Vulnerabilities in OpenSSL - Imperative Business Ventures Limited","og_description":"The title of the post is\u201dWhat AI Security Research Looks Like When It Works,\u201d and I agree: In the latest OpenSSL security release&gt; on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure) were announced. Our AI system is responsible for the original discovery of all twelve, each [&hellip;]","og_url":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/","og_site_name":"Imperative Business Ventures Limited","article_published_time":"2026-02-18T12:04:18+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/#article","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/"},"author":{"name":"admin","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"headline":"AI Found Twelve New Vulnerabilities in OpenSSL","datePublished":"2026-02-18T12:04:18+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/"},"wordCount":292,"keywords":["Cybersecurity"],"articleSection":{"0":"AI","1":"Cybersecurity","2":"patching","3":"SSL","5":"Vulnerabilities","6":"zero-day"},"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/","url":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/","name":"AI Found Twelve New Vulnerabilities in OpenSSL - Imperative Business Ventures Limited","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/#website"},"datePublished":"2026-02-18T12:04:18+00:00","author":{"@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"breadcrumb":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/18\/ai-found-twelve-new-vulnerabilities-in-openssl\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.ibvl.in\/"},{"@type":"ListItem","position":2,"name":"AI Found Twelve New Vulnerabilities in OpenSSL"}]},{"@type":"WebSite","@id":"https:\/\/blog.ibvl.in\/#website","url":"https:\/\/blog.ibvl.in\/","name":"Imperative Business Ventures Limited","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.ibvl.in\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/blog.ibvl.in"],"url":"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/1380","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/comments?post=1380"}],"version-history":[{"count":0,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/1380\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/media?parent=1380"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/categories?post=1380"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/tags?post=1380"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}