{"id":3226,"date":"2025-04-12T05:04:44","date_gmt":"2025-04-12T05:04:44","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/04\/12\/ai-vulnerability-finding-html\/"},"modified":"2025-04-12T05:04:44","modified_gmt":"2025-04-12T05:04:44","slug":"ai-vulnerability-finding-html","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/04\/12\/ai-vulnerability-finding-html\/","title":{"rendered":"AI Vulnerability Finding"},"content":{"rendered":"\n<div>AI Vulnerability Finding<\/div>\n<div>\n<p>Microsoft is <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/03\/31\/analyzing-open-source-bootloaders-finding-vulnerabilities-faster-with-ai\/\">reporting<\/a> that its AI systems are able to find <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-uses-ai-to-find-flaws-in-grub2-u-boot-barebox-bootloaders\/\">new vulnerabilities<\/a> in source code:<\/p>\n<blockquote>\n<p>Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison.<\/p>\n<p>Additionally, 9 buffer overflows in parsing SquashFS, EXT4, CramFS, JFFS2, and symlinks were discovered in U-Boot and Barebox, which require physical access to exploit.<\/p>\n<p>The newly discovered flaws impact devices relying on UEFI Secure Boot, and if the right conditions are met, attackers can bypass security protections to execute arbitrary code on the device.<\/p>\n<\/blockquote>\n<p>Nothing major here. These aren\u2019t exploitable out of the box.
But that an AI system can do this at all is impressive, and I expect their capabilities to continue to improve.<\/p>\n<\/div>\n<p>Bruce Schneier<br \/>\n<a href=\"https:\/\/www.schneier.com\/blog\/archives\/2025\/04\/ai-vulnerability-finding.html\">Go to Bruce Schneier<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>AI Vulnerability Finding Microsoft is reporting that its AI systems are able to find new vulnerabilities in source code: Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison. Additionally, 9 buffer overflows in parsing SquashFS, EXT4, CramFS, JFFS2, and symlinks were discovered [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[167,57,158,1,416],"tags":[87],"class_list":["post-3226","post","type-post","status-publish","format-standard","hentry","category-ai","category-bruce-schneier","category-microsoft","category-uncategorized","category-vulnerabilities","tag-bruce-schneier"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/3226"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=3226"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/3226\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=3226"}],"wp:term":[{"ta
xonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=3226"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=3226"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}