{"type":"rich","version":"1.0","author_name":"Jameson Lopp (npub17u…wt4tp)","author_url":"https://nostr.ae/npub17u5dneh8qjp43ecfxr6u5e9sjamsmxyuekrg2nlxrrk6nj9rsyrqywt4tp","provider_name":"njump","provider_url":"https://nostr.ae","html":"Holy shit, the latest OpenSSL release patches 12 zero-day vulnerabilities, all of which were discovered by AI agents.\n\nThe really crazy thing is that 3 of the bugs had been present since 2000, for over a quarter century having been missed by intense machine and human effort alike. One predated OpenSSL itself, inherited from Eric Young’s original SSLeay implementation in the 1990s. All of this in a codebase that has been fuzzed for millions of CPU-hours and audited extensively for over two decades by teams including Google's.\n\nIt's pretty scary to realize that fundamental aspects of everyday internet security have been vulnerable for decades. I can only imagine that AI is going to unearth many more vulnerabilities in the coming years."}