FreeBSD Foundation

FreeBSD AI-assisted Vulnerability Discovery Project launch | FreeBSD Foundation
Florine Kamdem · 2026-06-16 · via FreeBSD Foundation
June 15, 2026

About the project

The FreeBSD Foundation has launched its AI-assisted Vulnerability Discovery Project with the key goal of reducing the number of exploitable vulnerabilities in the FreeBSD source code.

The 6-month project is being funded by a grant from the Alpha Omega project. The funds will be used to engage FreeBSD Security Team members under fixed-term contracts to find and patch vulnerabilities. The Security Team’s access to publicly available AI models and tokens will be provided free of charge. AI will be used for vulnerability discovery and analysis only; all patches will be manually created.

Why this is important now

Open source codebases have become a key target for AI-assisted vulnerability scanning, and this has reduced the effective time to exploitation to 0 days. The FreeBSD Project has already received a number of credible vulnerability reports that are attributable to AI-enabled security tools.

The implications of this include: 

  • It is possible for malicious actors to find exploitable vulnerabilities and use them before anyone else is aware of them. This increases the risk for open source users and harms trust.
  • Anyone with a moderate technical skillset can find and report vulnerabilities if they use an AI-assisted security tool. This can lead to a rapid increase in report numbers and a potential decrease in report quality. Dealing with this change in dynamics can be challenging for open source projects.

These risks have been recognized by many in the software industry – the Linux Foundation security initiative that this project falls under was funded by donations from Anthropic, AWS, GitHub, Google, Google DeepMind, Microsoft, and OpenAI. The initiative has the explicit goal of improving the security of open source software. 

What the project covers

The FreeBSD Foundation has received a $250k grant to secure time from key members of the FreeBSD Security team and to cover time from other staff as needed to support their work. Accessing AI models for vulnerability analysis will be free of charge for the duration of the project.

The project’s goals are to reduce the number of vulnerabilities in the FreeBSD source code and to develop practical approaches that will improve efficiency in vulnerability management.

AI will be used to find vulnerabilities that will then be manually triaged, validated and patched. As this work is carried out, there will be opportunities to improve and automate elements of the FreeBSD Security Team’s infrastructure. Some examples include: improving fuzzing capabilities for pre-merge, stable, and release branches, and for vulnerability patches, or automatically triaging vulnerability reports. This work will also be within the project’s scope. 

Initially, the FreeBSD kernel will be the focus of the project, followed by the base system userland, and the ports tree. All parts of FreeBSD may be in scope and will be addressed in priority order as time allows. 

The project team will also liaise with other similar projects being funded by Alpha Omega to mutually share and improve the work being done. 

“We are grateful to Alpha-Omega for supporting this important work. Their investment in our AI-Assisted Vulnerability Discovery project recognizes FreeBSD’s role as a critical component of global digital infrastructure. As the volume of vulnerability reports continues to grow, this funding will help us strengthen our ability to efficiently assess, prioritize, and respond to security issues, ensuring FreeBSD remains a secure and dependable platform for the many individuals, organizations, and products that rely on it worldwide.” – Deb Goodkin, Executive Director, FreeBSD Foundation.

“The FreeBSD Security Team has been receiving an increasing number of vulnerability reports from researchers leveraging AI tooling, and that volume continues to grow. This funding augments our volunteer Security Team, giving us the capacity to find, triage, and fix vulnerabilities rather than only responding to those reported to us.” – Gordon Tetlow, Security Officer, The FreeBSD Project

Project partners

The project is possible thanks to the support of many parties. In addition to the funding already mentioned, there are other important partners who will be helping to ensure a successful and impactful project. 

Netflix has agreed to help test and validate changes, particularly those involving the network stack. NetApp and Verisign will also provide input on which functional areas should be focused on for vulnerability searching, collaborate on AI-assisted scanning, and help with regression testing and validation of prospective patches.

There are also some security researchers and FreeBSD vendors that have access to Claude Mythos Preview through Project Glasswing, and they have offered to use it for supplemental discovery and analysis on our behalf where practical.

A number of other open source projects are also running similar efforts. These include Ruby, Node.js, and PHP.

Find out more

To follow the progress of the project and to access more information, please visit https://github.com/FreeBSDFoundation/all-projects/tree/main/AI-assisted-vulnerability-discovery

Meet the Engineers

This project is being staffed by several part-time engineers.

Mark Johnston

Contract Security Engineer at the FreeBSD Foundation and member of the FreeBSD Security Team.

Howdy, I’m Mark, a long(ish)-time FreeBSD developer and user since 8.1-RELEASE. I’ve worked on many different parts of the operating system, in both professional and volunteer roles, and I’m excited for this opportunity to re-examine and improve the way we handle security in the FreeBSD project.

Pierre Pronchery

Contract Security Engineer at the FreeBSD Foundation and member of the FreeBSD Security Team.

Pierre Pronchery is passionate about Open Source software and Operating System internals in particular, which has led him to join the NetBSD Foundation as Developer in 2012 and then as Director on the Board since 2017. Learning how systems work also teaches how they break, and it only made sense for him to advise and audit major companies professionally as IT-Security Consultant, in a variety of situations involving Penetration-Testing, Incident Response, Reverse Engineering, or Red Teaming. More recently, he joined the FreeBSD Foundation as Security Engineer, where he currently helps the FreeBSD Project as Developer and member of the Security Team.

Tuukka Pasanen

Contract DevOps Engineer at the FreeBSD Foundation.

I’ve been a long-time Open Source enthusiast since 1998. I started with Linux system administration with a strong vibe of tinkering with basics of the operating system and creating artsy stuff which I still find very dear to me. During the years I’ve done development work on QNX and HP-UX (as well as AIX), I have always found my home around Linux, coding, and DevOps. Lately, I’ve been reforming my Unix roots by contracting with the FreeBSD Foundation, where I have truly appreciated its power. For me, LLM security automation represents an exploration of new ways to secure the digital world for all of us.