AI found 12 of 12 OpenSSL zero-days

AI says it found 12 holes in the web’s lock; commenters yell PR and job killer

TLDR: AISLE claims its AI uncovered 12 previously unknown flaws in OpenSSL, the software that locks much of the internet. Comments erupted: skeptics called it a PR blast and demanded hard numbers, while others cheered; the debate centers on AI hype, job loss, and spam versus real security wins.

An AI outfit called AISLE says its system found 12 previously unknown flaws in OpenSSL — the padlock that keeps most of the web’s traffic secret. The claim landed like a grenade. One camp rolled their eyes, calling it “a press release masquerading as a blog post.” Others cheered a rare haul, noting AISLE’s earlier wins.

Then the numbers fight broke out. Commenters begged for receipts: how many reports were filed, how many were duds, and what severities? “We don’t know how many false reports were filtered,” one user argued, warning that without precision/recall, it’s just vibes. The timing didn’t help: curl just axed its bug bounty after a flood of AI-generated junk, even as AISLE says it filed five real bugs there. Is AI flooding inboxes while still netting the big fish?

Finally, the jobs panic. AISLE’s goal to turn “artisanal” hacking into an industrial process had security pros asking: is this about replacing us? Memes flew (“Giant Anteater ate the internet,” “Heartbleed 12‑pack”), and the thread split between “raise the ceiling” optimists and “PR hype” skeptics. Everyone agrees 12 zero-days in OpenSSL is unusual — the fight is over trust, transparency, and whether AI is hero or chaos engine.

Key Points

  • AISLE claims its AI system discovered all 12 newly announced OpenSSL zero-day vulnerabilities.
  • OpenSSL is described as conservatively managed and securing at least two-thirds of global internet traffic, making it a hard target.
  • AISLE previously reported three OpenSSL CVEs in 2025: CVE-2025-9230, CVE-2025-9231, and CVE-2025-9232, with technical details provided.
  • The company used live targets and CVE acceptance by project maintainers as an external validation benchmark.
  • curl reportedly cancelled its bug bounty program due to AI-generated spam; AISLE says it submitted five genuine CVEs to curl.

Hottest takes

"This is a press release masquerading as a blog post" — greesil
"We don't know how many false reports were filtered" — munk-a
"So putting everyone in the security industry out of work?" — jazz9k