Stanislav Fort

Handling when parsing IPv6 hosts, triggering a controlled crash.

Independently, the Frontier of the Year 2025 forecasting project by Gavin Leach, Lauren Gilbert, and Ulka Ageva looked out for AI-driven vulnerability discovery in critical infrastructure as one of the top AI breakthroughs of 2025, assigning it a 0.9 probability of generalizing and placing it at number three overall by expected impact, resolving as, quote,

Google's big sleep agent and the startup aisle found dozens of critical vulnerabilities in some of the main infrastructure of the internet.

Linux, Curl, OpenSSL, and SQLite.

Frontier of the year 2025.

For context on our approach, our system handles the full loop equals scanning, analysis, triage, exploit construction, if needed and possible, patch generation, and patch verification.

Humans choose targets and act as high-level pilots overseeing and improving the system, but don't perform the vulnerability discovery.

On high-profile targets, we additionally review the resulting fixes and disclosures manually to ensure quality, although this only rarely changes anything.

Heading.

January 2026.

12 out of 12 new vulnerabilities.

Just today, January 27, 2026, OpenSSL announced a new security patch release, publishing 12 new zero-day vulnerabilities, including a very rare high-severity one.

Of the 12 announced, we at Al discovered every single one of them using our AI system.

One vulnerability, CVE-2025-11187, was also co-reported by a security researcher Hamza from Metadust 33 days after our initial disclosure.

Congratulations on representing humanity in this virtuous race.

There's a code block here in the text.

Identifiers and 2 already belong to the year 2026 with.

There's a code block here in the text.

S adding this to the 3 out of.

4.