Finding and Exploiting Kernel Vulnerabilities in the eBPF Subsystem

Agostino Panico

DEF CON 33 · Day 2 · Main Stage

> **Editor's Note:** This talk attracted substantial post-conference scrutiny. In late September 2025, Alexander Peslyak (Solar Designer) published a thread on the Openwall oss-security mailing list r

AI review

Agostino Panico presented the Leviathan framework at DEF CON 33, claiming state-aware ML-assisted fuzzing and automated exploitation chain generation for eBPF verifier vulnerabilities, backed by eleven pre-disclosed CVE-equivalent findings. Post-conference analysis by Linux kernel maintainers found none of the eleven reported vulnerabilities to be real security issues. Expert reviewers, including Alexander Peslyak, concluded that the research was likely substantially AI-generated. The Leviathan GitHub repository contained only a README with no functional code. The talk has become a reference case…
