A pseudonymous security researcher has published more than 30 zero-day proof-of-concept exploits against various open-source projects in a GitHub repository named 'Exploitarium'. The researcher used AI to automate fuzzing and triage of the resulting crashes, then released the exploits publicly without first notifying the affected maintainers, sparking debate in the security community over the ethics of the approach. Publishing in this way sidesteps Coordinated Vulnerability Disclosure (CVD), the norm under which a finder privately reports a flaw to the project and allows it time to ship a fix before any details or exploit code become public.
Some of the published exploits have since been assigned official CVE identifiers, including one for a critical remote code execution (RCE) vulnerability in libssh2. The researcher says the aim is to encourage interest in cybersecurity, while acknowledging that publicly available exploit code for unpatched flaws can be picked up and misused by malicious actors.