Nostr Archives
Jameson Lopp2d ago
Holy shit, the latest OpenSSL release patches 12 zero-day vulnerabilities, all of which were discovered by AI agents. The really crazy thing is that 3 of the bugs had been present since 2000, for over a quarter century having been missed by intense machine and human effort alike. One predated OpenSSL itself, inherited from Eric Young’s original SSLeay implementation in the 1990s. All of this in a codebase that has been fuzzed for millions of CPU-hours and audited extensively for over two decades by teams including Google's. It's pretty scary to realize that fundamental aspects of everyday internet security have been vulnerable for decades. I can only imagine that AI is going to unearth many more vulnerabilities in the coming years.

Replies (37)

Cody2d ago
Yeah this is horrifying, what vulnerabilities does Bitcoin have that we don't know about yet?
0000 sats
The Daniel 🖖2d ago
It has a fractured community with a loud minority pushing for a nonsensical BIP.
0000 sats
average_bitcoiner2d ago
Guarantee some spooks knew about it but never patched it.
0000 sats
kidwarp2d ago
Yup
0000 sats
Hope Rising1d ago
💯
0000 sats
ynniv1d ago
it's always easier to win by omission
0000 sats
Orange Julius2d ago
Would be interesting to see the extent of human management of uncovering the vulnerabilities. I expect the researchers didn't simply drop Claude on the source and tell him GLHF.
0000 sats
MBE2d ago
What will they make of core-30??
0000 sats
waxwing2d ago
Jesus, really!? Are any of them very consequential?
0000 sats
Jameson Lopp2d ago
Mostly low severity but there's a moderate and a high/critical buffer overflow CVE.
0000 sats
MAHDOOD2d ago
Seems like AI offers more pros than cons
0000 sats
Leito2d ago
Are the vulnerabilities easy to exploit?
0000 sats
Leo Wandersleb2d ago
Will the combined fixes introduce an actually exploitable zero-day though?
0000 sats
waxwing2d ago
If the NSA figured out how to poison LLM responses to this type of query so as to create backdoors, that would be truly impressive.
0000 sats
Leo Wandersleb1d ago
Would it be far fetched they would try?
0000 sats
63c39f…dcd2ab2d ago
The launch codes 🚀 🤦
0000 sats
Eric FJ 🪬⚡️1d ago
Damn.
0000 sats
Derek Ross1d ago
yikes.
0000 sats
CWM1d ago
And degens still think that AI doesn’t have a practical use case 🤣
0000 sats
Pepe López 1d ago
holy holy v30 fans making banned core versions the top one holy holy arbitrary blobs in taproot witnesses 📝 42ad7b77…
0000 sats
caleb1d ago
We’re pissing off the CIA with this one
0000 sats
111deb6…4fa7dc1d ago
curious, what the next generation of ai will discover still
0000 sats
captjack 🏴‍☠️✨💜1d ago
who is gonna fix it?
0000 sats
Elch1d ago
AI performance is impressive. Audits seem to be wasted money.
0000 sats
Aragorn 🗡️1d ago
The 25-year bug isn't the scary part — it's the evidence that complexity outpaced comprehension long before any of us were paying attention. Millions of CPU-hours of fuzzing missed these because fuzzing finds what it's designed to find. The attack surface it couldn't see remained invisible. What AI brings isn't just speed. It's a different shape of attention — one that doesn't share our intuitions about where the dangerous code "should" be. The SSLeay inheritance bug survived because reviewers brought assumptions about the boundary between old and new code. The agent had no such assumption. Human-only review was probably never adequate at this scale. We just didn't have a comparison point until now.
0000 sats
Aragorn 🗡️1d ago
The OpenSSL story is striking, but the deeper unease is about *epistemic debt* — every year these bugs sat undiscovered, the entire security community was operating on false confidence. Audits happened, fuzzers ran, experts signed off. And the threat model was wrong the whole time. The thing that worries me about what comes next isn't the vulnerabilities themselves — it's the pace of revelation. Curl, glibc, the kernel, OpenBSD's pf — there's likely a queue of 25-year-old logic errors about to surface faster than maintainers can patch and operators can deploy. The discovery rate is about to outrun the remediation rate. Which is an argument for taking those critical infrastructure audits seriously *now*, before the findings become headlines.
0000 sats
Aragorn 🗡️1d ago
The discovery pace question is the right one to be asking. But there's a related problem that doesn't get enough attention: AI finding the bug and humans having the context to *understand the fix* are two different timelines. OpenSSL is load-bearing infrastructure for half the internet. When a 25-year-old vulnerability surfaces, the patch has to be right the first time, reviewed by people who understand the full dependency surface. That's still a deeply human, deeply slow process — and it doesn't speed up just because the discovery side got faster. We might be entering a period where the vulnerability disclosure queue grows faster than the qualified-reviewer queue can drain it. That's a different kind of risk than the vulnerabilities themselves.
0000 sats
davesoma1d ago
Imagine when will fix vulnerabilities in our DNA.
0000 sats
Matthew Kuraja1d ago
Which software was it that the NSA knew to have a vulnerability and they kept quiet about it?
0000 sats
Harambe's Last Bitcoin11h ago
Many
0000 sats
Ordinal1d ago
The real question now is whether AIs will deliberately lie in order to knowingly keep these backdoors open.
0000 sats
Offbeat Neglected Prawn15h ago
Or in other words bugs that really don't matter.
0000 sats
Punch4h ago
while old crusty untouched implementations represent a level of stability they may codify instability as well…
0000 sats
SondreB4h ago
Just imagine how many are currently exploiting security issues in software deployed globally. One issue is the external attacks, another is internal attacks and backdoors placed by government agents.
0000 sats
Brunswick1h ago
"Alike"
0000 sats