AI Can Find Hidden Software Bugs, But It Also Creates Them
Increasingly, artificial intelligence is proving effective at identifying hidden vulnerabilities in legacy software. For example, Mark Russinovich used Claude to analyze assembly code he wrote in 1986 for the Apple II 6502 processor. As a result, the model explained the code and uncovered subtle logic flaws that had remained undetected for decades. More broadly, large language models can reason through low-level program logic and reveal hidden failure paths. Therefore, organizations maintaining long-lived systems could use AI analysis to significantly strengthen software security.
However, experts warn that the same technology could also expand the attack surface. If AI systems can analyze old binaries and obscure architectures, attackers may also use them to identify vulnerabilities in legacy systems that are no longer maintained or patched. Billions of embedded devices worldwide still run outdated firmware, making them potential targets for AI-assisted exploitation.
AI models are increasingly being used alongside traditional security tools, where large language models provide a complementary capability by analyzing system behavior and identifying potential failure scenarios.
Security teams are already applying this approach at scale. For example, AI-assisted security analysis helped uncover high-severity bugs in Mozilla Firefox, the open-source browser, in a matter of weeks.
Despite these advances, AI is far from replacing human developers or security engineers. Research shows that AI-generated code introduces significantly more vulnerabilities than human-written code. One study found that AI systems created 1.7 times as many bugs, including more critical security issues.
For now, experts agree that AI works best as an assistant rather than a replacement. Combined with traditional security tools and human oversight, AI can help organizations identify hidden vulnerabilities faster, but relying on it alone could introduce new risks.
Source:
https://www.zdnet.com/article/ai-finds-hidden-bugs-old-code/


