AI Found Twelve New Vulnerabilities in OpenSSL
Summary
An AI system discovered twelve zero-day vulnerabilities in OpenSSL, which were responsibly disclosed to the OpenSSL team during the fall and winter of 2025 and announced in a security release on January 27, 2026. Ten were assigned CVE-2025 identifiers, and two received CVE-2026 identifiers.
IFF Assessment
The discovery of twelve zero-day vulnerabilities in a widely used library like OpenSSL presents a significant risk to systems and applications relying on it.
Severity
Defender Context
These findings highlight the ongoing need for continuous security testing and patching of open-source libraries. Defenders should prioritize patching OpenSSL instances and monitor for exploit attempts targeting these vulnerabilities. As AI is increasingly used for vulnerability discovery, more vulnerabilities may be found faster, requiring more agile patching strategies.