DiscoverOpen Source SecurityActually finding vulnerabilities using AI with Joshua Rogers
Actually finding vulnerabilities using AI with Joshua Rogers

Actually finding vulnerabilities using AI with Joshua Rogers

Update: 2025-10-13
Share

Description

I chat with Joshua Rogers about a blog post he wrote as well as some bugs he submitted to the curl project. Joshua explains how he went searching for some AI tools to help find security bugs, and found out they can work, if you're a competent human. We discuss the challenges of finding effective tools, the importance of human oversight in triaging vulnerabilities, and how to submit those bugs to open source projects responsibly. It's a very sane and realistic conversation about what AI tools can and can't do, and how humans should be interacting with these things.

The show notes and blog post for this episode can be found at
https://opensourcesecurity.io/2025/2025-10-ai-joshua-rogers/

Comments 
In Channel
Actually finding vulnerabilities using AI with Joshua Rogers

Actually finding vulnerabilities using AI with Joshua Rogers

2025-10-1331:35

Sustaining Package Repositories with Brian Fox

Sustaining Package Repositories with Brian Fox

2025-10-0642:20

Arch Linux Security with Foxboron and Anthraxx

Arch Linux Security with Foxboron and Anthraxx

2025-09-2938:08

OpenSSL with Hana Andersen and Anton Arapov

OpenSSL with Hana Andersen and Anton Arapov

2025-09-2228:48

The Python Software Foundation with Deb Nicholson

The Python Software Foundation with Deb Nicholson

2025-09-1537:48

Using Mercator to map assets with Didier Barzin

Using Mercator to map assets with Didier Barzin

2025-09-0825:48

Talos Linux security with Andrey Smirnov

Talos Linux security with Andrey Smirnov

2025-09-0138:04

Discussing the Open Source, Open Threats? paper with Behzad and Ali

Discussing the Open Source, Open Threats? paper with Behzad and Ali

2025-08-2534:59

crates.io trusted publishing with Tobias Bieniek

crates.io trusted publishing with Tobias Bieniek

2025-08-1825:39

CVE update with Patrick Garrity

CVE update with Patrick Garrity

2025-08-1132:25

GCVE with Cédric Bonhomme and Alexandre Dulaunoy

GCVE with Cédric Bonhomme and Alexandre Dulaunoy

2025-08-0431:38

EU Regulations will change everything with Daniel Thompson

EU Regulations will change everything with Daniel Thompson

2025-07-2831:57

Open source microprocessors with Jan Pleskac

Open source microprocessors with Jan Pleskac

2025-07-2130:51

Package URLs with Philippe Ombredanne

Package URLs with Philippe Ombredanne

2025-06-2336:48

Hobbyist Maintainers with Thomas DePierre

Hobbyist Maintainers with Thomas DePierre

2025-06-1649:03

STIG automation with Aaron Lippold

STIG automation with Aaron Lippold

2025-06-0933:28

Ecosyste.ms with Andrew Nesbitt

Ecosyste.ms with Andrew Nesbitt

2025-06-0235:38

Curl vs AI with Daniel Stenberg

Curl vs AI with Daniel Stenberg

2025-05-2634:23

Repository signing with Kairo De Araujo

Repository signing with Kairo De Araujo

2025-05-1933:29

Securing GitHub Actions with William Woodruff

Securing GitHub Actions with William Woodruff

2025-05-1231:50

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Actually finding vulnerabilities using AI with Joshua Rogers

Actually finding vulnerabilities using AI with Joshua Rogers