
YouTube

Using AI to Discover Silently Patched Vulnerabilities in Open Source

Security BSides San Francisco via YouTube

Overview

Learn how to leverage artificial intelligence to identify unreported security vulnerabilities in open-source software through this conference talk from BSidesSF 2025. Discover the methodology behind monitoring public changelogs of popular open-source projects to detect silently patched security fixes that were never formally disclosed. Explore how dual Large Language Model (LLM) systems can be implemented to automatically scan changelogs and verify findings with security engineering teams. Examine the research results that uncovered over 600 vulnerabilities, with 25% classified as high or critical severity, demonstrating the significant security gap in unreported fixes. Understand the implications of silent patching practices in the open-source ecosystem and gain insights into automated vulnerability discovery techniques that can enhance security monitoring and threat intelligence capabilities.

Syllabus

BSidesSF 2025 - Using AI to Discover Silently Patched Vulnerabilities in Open... (Mackenzie Jackson)

Taught by

Security BSides San Francisco
