AI Found 12 OpenSSL Bugs Hiding for 27 Years. Your Code Review Isn't Enough Anymore.
Source: Dev.to
Three Things That Broke the AI‑Security Conversation This Week
All happened within days of each other:
- AISLE’s AI system independently found twelve zero‑day vulnerabilities in OpenSSL – including bugs that had survived since 1998.
- Anthropic shipped Claude Code Security, which uncovered 500+ vulnerabilities in production open‑source codebases.
- A popular AI‑agent platform called OpenClaw collapsed under a critical RCE exploit, taking user trust down with it.
Together, they tell one story: AI has entered the security loop on both sides of the equation.
- It finds what humans miss.
- It also creates attack surfaces humans haven’t imagined yet.
AISLE’s AI System & OpenSSL Zero‑Days
- The AI discovered all twelve zero‑day vulnerabilities announced in OpenSSL’s January 2026 security release before the official disclosure.
- The most critical was CVE‑2025‑15467: a stack buffer overflow in CMS message parsing, CRITICAL (CVSS 9.8, NIST). It is potentially remotely exploitable without valid key material.
- Three of the twelve bugs had existed since 1998–2000.
“AI vulnerability finding is changing cybersecurity, faster than expected.” – Bruce Schneier
Implications
- The same system that found these bugs can be pointed at any codebase, including yours, before you’ve patched it.
- AI‑assisted security review is no longer optional – it separates the found‑first from the patched‑first teams.
Anthropic’s Claude Code Security
- Powered by Claude Opus 4.6.
- Result: 500+ vulnerabilities found in production open‑source codebases – bugs that survived decades of human expert review.
Why AI Beats Human Review
- Human reviewers suffer from fatigue, assumption blindness, and context‑switching costs.
- AI systems can hold an entire dependency graph in context and reason across call chains at scale.
Practical Takeaway
If you’re shipping code without AI‑assisted security review in 2026, you have a known blind spot – not a theoretical one.
OpenClaw Collapse
- Grew from 0 to 100 000+ GitHub stars in weeks.
- Built by Austrian developer Peter Steinberger as a “horizontal local‑first runtime employee” – fundamentally different from tools like Claude Code.
Architecture Distinction
| Feature | Claude Code | OpenClaw |
|---|---|---|
| Execution model | Vertical sandbox – summoned, performs a task, then closed. | Persistent background runtime – runs 24/7, handles ongoing jobs (e.g., triage inbox at midnight, summarize Discord every Friday). |
| Access scope | Limited, short‑lived access. | Broad, continuous access to API tokens, file system, code execution, and essentially the user’s entire digital life. |
- This persistent, broad‑access model made OpenClaw powerful and catastrophic when it failed.
CVE‑2026‑25253 – critical remote code execution vulnerability.
- Researchers at Koi found 341 malicious skills on the ClawHub marketplace (fake crypto‑trading bots, productivity tools that deployed Atomic macOS Stealer and other info‑stealing malware).
“OpenClaw’s failure isn’t a technical failure. It’s a trust‑model failure.” – Sabrina Ramonov
Key Question for AI‑Agent Builders
Where does the security boundary live – in the user’s judgment, or in the platform’s architecture?
Perplexity’s “Computer” – A Managed Alternative
- Launched Feb 25, 2026.
- Managed, sandboxed platform integrating 19 AI models across 15 workflow categories.
- Less raw power, but more guaranteed safety – the trade‑off is explicit.
Decision Tree for Builders
- Persistent background access → requires platform‑level security guarantees.
- Session‑scoped access → user‑level evaluation can work.
- Third‑party skill marketplace → you become a trust broker, whether you want to be or not.
Alibaba’s Qwen Team – New Open‑Source Models
-
Released Feb 24, 2026:
Qwen3.5-122B-A10BQwen3.5-35B-A3B(most noteworthy)Qwen3.5-27B
-
VentureBeat headline: these open‑source models offer Sonnet 4.5 performance on local hardware.
-
The 35B‑A3B model uses a Mixture‑of‑Experts architecture, activating only 3 B parameters per inference step – feasible on consumer‑grade hardware.
-
Context: February 2026 was the first month China’s AI model API call volume surpassed the US. Open‑source capability is catching up to frontier proprietary models faster than most roadmaps predicted.
Implication for Builders
- Data‑privacy‑sensitive workloads, security‑testing environments, or cost‑at‑scale scenarios can now consider local deployment of near‑frontier models as a real option, not just a hobbyist experiment.
# Pull and run the 35B‑A3B model with Ollama
ollama pull qwen3.5:35b-a3b
ollama run qwen3.5:35b-a3bAI‑Generated Voice Scam
Scenario: A man received a call from his wife’s number, in her voice, claiming their son was in a bike accident and needed $3,000 immediately.
The number was spoofed, and the voice was AI‑generated.
- This is not hypothetical – it’s a documented case from this week.
Simple, Zero‑Cost Defense
- Establish a family passphrase for any emergency that involves money or sensitive actions.
- The caller must speak the passphrase to verify identity.
- Implementation time: ~5 minutes.
- Effectiveness: Works against current AI voice‑cloning attacks.
Set it up today with anyone you’d send money to in an emergency.
Bottom Line
- AI security review is baseline, not a bonus.
- Tools like Claude Code Security are finding bugs that survived decades of expert human review.
- If you’re not using AI‑assisted code scanning on critical paths (auth, file parsing, network I/O), you’re leaving a known blind spot in your security posture.
Trust Model & Agent Permissions
Your agent’s trust model is your architecture. OpenClaw’s 100K‑star collapse happened because:
- Persistent access
- Third‑party marketplace
- User‑evaluated trust
These factors created a compounding blast radius.
Design Guidelines
- Make agent permissions session‑scoped by default.
- Require explicit elevation for higher privileges.
- Never assume users can audit third‑party skills at scale.
Local AI Deployment
Local AI deployment is now production‑ready for privacy‑focused use cases.
- Model: Qwen 3.5 (35B‑A3B)
- Performance: Activates ~3 B parameters per inference step → fits consumer‑grade GPUs.
- Benefits:
- Near‑frontier capability on‑device.
- Strong security testing and local code analysis.
- Offline workflows eliminate data exfiltration risks.
The cost and privacy arguments for self‑hosted AI have become significantly stronger.
Social Engineering – The Fastest‑Scaling Attack Surface
Social engineering attacks scale faster than any code exploit:
- Voice cloning
- Spoofed phone numbers
- Urgency manufacturing
These attacks don’t target your code; they target trust.
Defensive Approach
- Implement out‑of‑band verification protocols (e.g., secondary channels, one‑time passcodes).
- Rely on low‑tech passphrases and human confirmation rather than only technical patches.
Full Intelligence Report
Source: Zecheng Intel Daily – February 28, 2026
Topics: AI, SEO, markets, builder signals.