AI Found 12 Zero-Days In OpenSSL. What Does It Mean For The Industry?
Adam Krivka, Ondrej Vlcek
[un]prompted 2026 — AI Security Practitioner Conference · Day 1 · 2
AISLE, a one-year-old security startup, used a multi-stage agentic AI pipeline to discover 12 zero-day vulnerabilities in OpenSSL — including one 9.8-severity stack buffer overflow that some researchers are calling "the new log4j candidate." In six months of active operation, the same engine has found and verified more than 500 vulnerabilities totaling 133 CVEs across open-source software, all while maintaining a false positive rate below 5%. ---
AI review
Twelve zero-days in OpenSSL. One at 9.8 CVSS. Five hundred verified vulnerabilities in six months. A sub-5% false positive rate. If you still needed proof that AI-driven vulnerability research has crossed the threshold from interesting experiment to operational capability, Vlcek and Krivka just handed it to you. The Traefik logic inversion example alone is worth the slot.