this looks like a genuinely good and very impressive use of “AI” in security research – I’m leaving the air quotes in place at the moment since I haven’t been able to find much detail on how the system actually operates. #AISLE describes it as an “autonomous analyser” and “the world’s first #AI-native Cyber Reasoning System (CRS) for vulnerability management” 🙄

I’m pretty sure it’s not just spicy autocarrot though, possibly a mix of deep learning or other machine learning techniques (things that I think of as part of “traditional” AI research) with a sprinkling of LLM on top for “natural language” capabilities (and it’s possible that they’re leaning into “AI” as a descriptor to assign to the current hype cycle rather than calling it “machine learning” but ¯_(ツ)_/¯ )

What AI Security Research Looks Like When It Works

“In the latest #OpenSSL security release on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure) were announced. Our AI system is responsible for the original discovery of all twelve, each found and responsibly disclosed to the OpenSSL team during the fall and winter of 2025. Of those, 10 were assigned #CVE-2025 identifiers and 2 received CVE-2026 identifiers. Adding the 10 to the three we already found in the Fall 2025 release, AISLE is credited for surfacing 13 of 14 OpenSSL #CVEs assigned in 2025, and 15 total across both releases. This is a historically unusual concentration for any single research team, let alone an AI-driven one.

These weren't trivial findings either. They included CVE-2025-15467, a stack buffer overflow in CMS message parsing that's potentially remotely exploitable without valid key material, and exploits for which have been quickly developed online. OpenSSL rated it HIGH severity; NIST's CVSS v3 score is 9.8 out of 10 (CRITICAL, an extremely rare severity rating for such projects). Three of the bugs had been present since 1998-2000, for over a quarter century having been missed by intense machine and human effort alike. One predated OpenSSL itself, inherited from #EricYoung's original #SSLeay implementation in the 1990s. All of this in a codebase that has been fuzzed for millions of CPU-hours and audited extensively for over two decades by teams including Google's.

In five of the twelve cases, our AI system directly proposed the patches that were accepted into the official release.”

https://aisle.com/blog/what-ai-security-research-looks-like-when-it-works

#WomensWrestling Talk Podcast - WWT Presents —
#WWENXT Post Show | 10.8.24: https://www.youtube.com/live/-jDSwMxMw80?si=4WCu95pd3aaDyvvj

#DeniseSalcedo Speak Now Interview with #KaylaBecker: https://youtu.be/2Yyu92ImRNw?si=f1cqNvep38vykweF

#WrestleZone Podcast - Exclusive Interviews —
a. #JessicaTroy: https://youtu.be/nKcJFwzLie8?si=5589Nhqc5eOE1Cql
b. #EricYoung: https://youtu.be/-oueJhhAuf8?si=Ws6ig3DuzUcogKrF
c. #DelmiExo: https://youtu.be/haSWGU-7N3c?si=cb9_ChWhylg0-KAb

(3 of 6)

#DeniseSalcedo Speak Now Podcasts & Post Shows —
#AEWDynamite 5th Anniversary (10/2/24) Post Show: https://youtu.be/WOXEYUxCeIA?si=CtLyfSlhjtK5ZYZM

#WomensWrestling Talk Podcast - WWT Presents —
#AEWDynamite 5th Anniversary Post Show | 10/2/24: https://www.youtube.com/live/cYvgIC7EB3s?si=uTQSwf_CgUADUQWd

#ChrisVanVliet #Insight Interviews —
a. #TrickWilliams: https://youtu.be/Ci3EP7CPGA8?si=aXEh8Jkl6vDnHVqp
b. #EricYoung: https://youtu.be/_KQzzX3EjdQ?si=fimJTFVtUwOWzc_t

(4 of 6)

#DeniseSalcedo Speak Now Interview with #EricYoung: https://youtu.be/HwAyKQViB1Q?si=kKWQ67X2DIdRMl1M

#WrestleZone Podcast - Exclusive Interview with #DonovanDijak: https://youtu.be/aaHbr1yvvBs?si=wabK_osseuWtJuLK

#WomensWrestling Talk Podcast - WWT Presents —
WWT Live [News & Rumors] - 9.18.24 (Young, Gifted and Elite): https://www.youtube.com/live/baXqRzZNpEg?si=1le_cEnFxlHaDmfj

#BustedOpen Podcast — Did Roxanne Perez Outshine CM Punk on NXT?: https://busted-open.simplecast.com/episodes/roxanne-perez-shows-up-cm-punk-wwe-aew-transplant-stock-watch

(3 of 4)