Saved February 14, 2026
In 2025, an AI system identified four previously unknown security issues in OpenSSL, three of which were disclosed and fixed by the system. The findings highlight the potential of AI in proactively discovering vulnerabilities in critical infrastructure.
In late summer 2025, a research team tested their AI system on OpenSSL and uncovered several security vulnerabilities, leading to the announcement of four CVEs in the Fall 2025 OpenSSL security release. Notably, the AI identified two moderate-severity issues that had gone undetected for over 15 years. CVE-2025-9230 involved an out-of-bounds read/write in CMS password-based encryption, while CVE-2025-9231 was a timing side-channel vulnerability in SM2 elliptic-curve signatures on 64-bit ARM. The team also found a low-severity CVE related to an out-of-bounds read in the HTTP client's handling of IPv6 hosts.
The AI's success in discovering these vulnerabilities aligns with trends observed by the Frontier of the Year 2025 project, which highlighted AI-driven vulnerability discovery as a significant breakthrough. The system's approach includes scanning, analysis, and patch generation, with human oversight focused on quality control rather than on the discovery process itself. In contrast, the situation with cURL illustrates the challenges faced by the security community. Daniel Stenberg, cURL's creator, reported a flood of low-quality AI-generated submissions that overwhelmed the project's bug bounty program, ultimately leading to its closure. Despite this, the AISLE team, the group behind the AI system, managed to report five genuine CVEs for cURL, underscoring that while AI can generate noise, it can also produce valuable findings.
By early 2026, the AI system's performance had led to significant findings across multiple projects, including OpenSSL and cURL. The article suggests a shift in the cybersecurity landscape, with AI capabilities improving and potentially favoring defensive measures. The true impact on overall security remains uncertain, but recent developments indicate that AI can effectively find vulnerabilities even in well-audited codebases. The ongoing tracking of CVE counts and their real-world implications will be essential to understanding the full scope of AI's role in cybersecurity.