Cybersecurity

AI Discovers Critical Security Flaw Hidden in Code Since 1999; Retired Programmer 'Deeply Sorry, Also Impressed'

SAN FRANCISCO — An AI system has identified a critical security vulnerability that had been sitting inside OpenBSD code, undetected, for twenty-seven years — prompting emergency patches, a $100 million commitment from Anthropic to open-source security, and a very uncomfortable Sunday phone call to a retired programmer in suburban Ohio.

The flaw, introduced in 1999 during what three sources independently characterised as “definitely a Friday afternoon,” survived through six US presidential administrations, the dot-com bubble and its collapse, the rise and fall of three social media platforms, two complete reinventions of JavaScript, and what the security community refers to simply as “the PHP years.”