
"Our security team immediately began validating the bug bounty report. Within 40 minutes, we had reproduced the vulnerability internally and confirmed the severity," explains Alexis Walesa, GitHub chief information security officer.
"In less than two hours we had validated the finding, deployed a fix to github.com, and begun a forensic investigation that concluded there was no exploitation," says Walesa.
"Notably, this is one of the first critical vulnerabilities discovered in closed-source binaries using AI, highlighting a shift in how these flaws are identified," says Sagi Tzadik, a security researcher at Wiz.
"A finding of this caliber and severity is rare, earning one of the highest rewards available in our Bug Bounty program, and serves as a reminder that the most impactful security research comes from skilled researchers who know how to ask the right questions," says Walesa.
A critical remote code execution vulnerability in GitHub's internal infrastructure was discovered by Wiz Research using AI models. GitHub's security team quickly validated the report, reproducing the vulnerability within 40 minutes. The engineering team developed and deployed a fix just over an hour after identifying the root cause. The entire process took less than six hours, with no exploitation confirmed. This incident highlights the effectiveness of AI in identifying vulnerabilities and the importance of skilled researchers in security.
Read at The Verge