Aisle Discovers 6 New CVEs in Curl, Including the Oldest Issue Ever Reported

This story should have been a simple “security win”: Aisle says it found 6 new security flaws in curl, the tiny but wildly important internet tool buried inside everything from apps and cars to NASA gear. One of the bugs is reportedly more than 25 years old, which is the kind of detail that makes commenters sit up and go, “Wait, this thing has been lurking since 2001?” Curl fixed the issues in version 8.21.0, and the company is taking a victory lap for proving that cheaper, more flexible AI systems can beat bigger-name models at finding hidden software problems.

But the real fireworks were in the replies. One camp was impressed and grateful, with curl creator Daniel Stenberg himself stepping in to praise Aisle as “skilled, professional engineers” who were helpful and responsive. That endorsement landed like a mic drop against the skeptics. Because oh, there were skeptics. One commenter said the whole post felt “unnerving,” basically arguing that well-funded AI companies are turning volunteer-run open-source projects into bug-report firehoses. Translation: cool that flaws are being found, but who exactly has to deal with the avalanche?

And then came the roast session. Aisle’s site got dragged for being “super laggy” and overloaded with flashy animations, with one commenter painting a brutally vivid image of “VC bros on their macbooks drinking chai lattes.” Another jabbed, “Someone needs a lesson in accessibility.” So yes, the software got safer — but the comment section decided the real side quest was reviewing the vibe, the web design, and whether AI security hype is helping open source or just stress-testing the humans behind it.