AI models are finding zero-day vulnerabilities that human researchers missed. Linux kernel, SQLite, cURL—the reports are real, and the implications are significant.
Article text
Something shifted in late 2025. AI security research went from "slop"—low-quality, hallucinated vulnerability reports flooding open source maintainers—to finding actual zero-days that human researchers had missed.
The change was abrupt enough that security professionals started calling it a "step function" improvement.
For businesses thinking about AI and security, this matters. Not because you'll run AI vulnerability scanning yourself (though you might). Because the economics and practice of security research just changed, and the implications are rippling through enterprise security teams, open source maintainers, and software supply chains.
What Actually Changed
In 2024, the dominant story was AI "slop." Maintainers of major open source projects were getting DDoSed by low-quality AI-generated security reports. The AI would hallucinate vulnerabilities that didn't exist. Humans had to spend hours debunking them.
By early 2026, that story inverted. Frontier models—Claude 4.6, OpenAI o3, Gemini 1.5 Pro—started finding legitimate, complex vulnerabilities that human researchers had overlooked.
Thomas Ptacek, a respected security researcher, put it bluntly:
"Within the next few months, coding agents will drastically alter both the practice and the economics of exploit development... Substantial amounts of high-impact vulnerability research will happen simply by pointing an agent at a source tree and typing 'find me zero days'."
That's not hype from a vendor. That's a practitioner describing what he's seeing.
Real Vulnerabilities, Real Impact
The proof is in the CVEs.
Linux Kernel (CVE-2025-37899):
Researcher Sean Heelan used OpenAI's o3 model to find a remote use-after-free vulnerability in the kernel's SMB implementation. The model successfully reasoned about concurrent connections and non-reference-counted objects across threads—a complex interaction pattern that requires understanding how multiple subsystems interact.
SQLite:
Google's Project Zero used Gemini 1.5 Pro to find a stack buffer underflow in SQLite before it reached a release. Their approach was variant analysis: feed the model details of a previously fixed bug to find similar patterns elsewhere.
cURL:
Daniel Stenberg, the maintainer of cURL, documented a transition from "AI slop" to what he called a "plain security report tsunami." One researcher using AI tools provided a data set that led to 22 actual bugfixes.
LiteLLM malware:
Researcher Callum McMahon used Claude to confirm a malicious supply-chain attack on PyPI. The model helped identify and analyze malicious code that had been obfuscated.
These aren't hypothetical. They're real vulnerabilities that are now patched.
Why LLMs Are Good at This
Three factors make modern LLMs surprisingly effective at vulnerability research:
1. Supernatural correlation.
Models encode knowledge of how disparate subsystems interact. A human might know Linux KVM well, or
hrtimer
well, but rarely both deeply enough to spot subtle interaction bugs. LLMs have "read" the documentation and code for both.
2. Pattern matching at scale.
Every documented bug class—stale pointers, type confusion, race conditions—is encoded in the model's training data. The model doesn't need to be taught what a use-after-free looks like. It already knows.
3. Persistence without fatigue.
Human researchers get tired, bored, or distracted. AI agents can perform exhaustive searches across codebases without losing focus. They can try 100 different code paths to see if one is vulnerable.
The combination is potent. Not better than skilled humans, but different—and increasingly useful.
The Maintainer Backlash
There's a flip side. Open source maintainers are overwhelmed.
Linux kernel maintainers report security submissions jumping from 2-3 per week to 5-10 per day. They're seeing "duplicate reports" where two different people independently find the same bug using AI tools.
cURL implemented new policies: anyone submitting unverified AI-generated "junk" gets banned instantly. The maintainer time cost of filtering real from fake was unsustainable.
Django now requires explicit disclosure of AI use in security reports and verification that findings are reproducible. The policy is explicit: if you used AI, say so, and prove the bug is real.
These are healthy adaptations. But they signal a new normal: AI-assisted security research is now routine, and the humans on the receiving end need protection from the noise.
What This Means for Your Business
If you're not a security researcher or open source maintainer, why should you care?
1. Your vendors are being tested differently.
The software you depend on—open source libraries, SaaS platforms, infrastructure tools—is now being probed by AI at unprecedented scale. That means more vulnerabilities found, faster. It also means faster patch cycles and potentially more disruption.
2. The talent bar is shifting.
Security researchers who use AI tools effectively are dramatically more productive than those who don't. If you're hiring security talent, the question isn't whether they use AI—it's how sophisticated their AI workflow is.
3. Your own code is more exposed.
If you ship software, AI vulnerability scanning is now accessible to anyone. That includes security researchers, bug bounty hunters, and attackers. The "security through obscurity" argument just got weaker.
4. Compliance is adapting.
Expect standards and frameworks to evolve. SBOMs (Software Bill of Materials) and vulnerability disclosure policies will need to account for AI-generated findings.
The Practical Takeaway
AI-powered security research is no longer experimental. It's producing real CVEs, changing maintainer workflows, and shifting the economics of vulnerability discovery.
For security teams, the immediate action items are:
Update disclosure policies
to require AI disclosure and reproducibility verification
Evaluate AI-assisted scanning tools
for your own codebases (tools like Almanax, Amplify Security, Corgea, Gecko Security, and ZeroPath are emerging)
Prepare for faster vulnerability cycles
in the software supply chain you depend on
The "slop" era is mostly over. What replaced it is something more consequential: AI that actually finds bugs.
If you're thinking through how AI changes your security posture—both the risks and the opportunities—we do 30-minute discovery calls to map out where the practical applications are for your business. No pitch. Just clarity.