openssl / aisle / ai

Jessica Lyons / The Register : Google's TIG documented 90 zero-day vulnerabilities exploited in 2025, up from 78 in 2024; commercial spyware vendors and China-linked groups led the abuse — Of the 90 zero-days GTIG tracked in 2025, 43 hit enterprise tech — Zero-day exploitation targeting enterprise tech products reached …

Enterprise software was a major focus of zero-day activity during 2025, with security and networking devices, like firewalls, VPNs, and virtualization platforms, among the top targeted by malicious hackers.

AISLE has successfully identified 12 zero-day vulnerabilities in OpenSSL, a critical cryptographic library that secures a significant portion of internet traffic. This marks a notable achievement in AI-driven cybersecurity, showcasing the potential of automated systems to discover previously unknown security flaws. The findings come as curl, another project, has halted its bug bounty program due to an influx of AI-generated spam, highlighting the dual-edged nature of AI in cybersecurity. OpenSSL's stringent criteria for accepting vulnerabilities make this discovery particularly significant, emphasizing the need for advanced tools to enhance security in an increasingly digital world.

AISLE has successfully identified 12 zero-day vulnerabilities in OpenSSL, a critical cryptographic library, marking a significant milestone in AI-driven cybersecurity. This discovery highlights the potential of AI to enhance security measures by automating the detection of previously unknown vulnerabilities. OpenSSL is essential for internet encryption, making these findings particularly impactful. In contrast, the curl project has canceled its bug bounty program due to an influx of AI-generated spam, illustrating the dual-edged nature of AI in cybersecurity. AISLE's work aims to transform cybersecurity practices, ensuring robust defenses as AI technologies become more prevalent.