AI Security Tools Find 50 Real Bugs in cURL Open-Source Project
By
etn_se
Summary
A security researcher successfully used AI-based static application security testing (SAST) tools to identify 50 real bugs in the widely-used cURL open-source project, demonstrating that AI tools can be effective for security analysis when used properly. The article features interviews with both the cURL maintainer Daniel Stenberg and the researcher Joshua Rogers, highlighting how this approach differs from typical AI-generated bug reports that are often unreliable.
Key quotes
AI-generated bug reports are usually trash. But when a security researcher used LLM-based scanners the right way, he found 50 real bugs in libcURL.
With the help of generative AI–based tools, a developer named Joshua Rogers has identified no fewer than 50 flaws in one of the world’s most widely used open-source projects, cURL.
The Swedish maintainer of cURL — who recently vented his frustration about AI-generated bug reports — acknowledges the legitimate findings from this proper use of AI tools.
You might also wanna read

AI bug-finding systems uncover real vulnerabilities at DARPA cybersecurity challenge
The article discusses the DARPA AI Cyber Challenge (AIxCC) held in Las Vegas, where top cybersecurity teams demonstrated AI-powered bug-find
AI discovers 271 Firefox vulnerabilities, signaling security debt repayment
Mozilla discovered 271 previously unknown Firefox vulnerabilities in just days using AI-powered testing, bugs that millions of automated tes
IBM and Red Hat launch Project Lightwell: $5 billion AI initiative to fix open-source security crisis
IBM and Red Hat are launching Project Lightwell, a $5 billion initiative deploying 20,000 engineers to address the growing security crisis i
AI-Powered Bug Discovery Finds 271 Hidden Vulnerabilities in Firefox, Signaling New Era for Software Security (zdnet.com)
Security Now episode 1080 analyzed how frontier AI models (specifically Claude) discovered 271 hidden bugs in Firefox's codebase, as documen
AI-assisted vulnerability discovery raises concerns about Linux kernel security
This opinion article discusses a troubling trend in Linux security where AI-powered tools are being used to discover and exploit kernel vuln
AI security audit of FreeBSD kernel reveals 15 bugs including RCEs and a hypervisor escape
An AI audit of FreeBSD uncovered 15 kernel bugs, including 3 remote code execution vulnerabilities, 5 local privilege escalation flaws, and
