In 2025, an AI system identified four previously unknown security issues in OpenSSL, three of which were disclosed and fixed by the system. The findings highlight the potential of AI in proactively discovering vulnerabilities in critical infrastructure.

NIST has announced that all Common Vulnerabilities and Exposures (CVEs) published before January 1, 2018, will be classified as "deferred" in the National Vulnerability Database. This decision aims to prioritize the analysis of newer vulnerabilities while indicating that older ones still require attention from organizations for remediation.