Casting a Net(ty) for Bugs, and Catching a Big One (CVE-2025-59419)(depthfirst.com)
depthfirst.com
Casting a Net(ty) for Bugs, and Catching a Big One (CVE-2025-59419)
https://www.depthfirst.com/post/our-ai-agent-found-a-netty-zero-day-that-bypasses-email-authentication-the-story-of-cve-2025-59419
4 comments
Brilliant use case - to what degree is the agent being guided? Is it mostly a pairing exercise or agent exploration followed by human validation?
I pointed it at the library's git and let it run from there! I validated all the output (vuln description, risk assessment, exploit poc, patch) before reporting to maintainers