All the Bugs They Found
a day ago
- #Sandbox Escapes
- #WASM Runtime
- #Security Vulnerabilities
- AI agents found over 20 security vulnerabilities in the Epsilon WASM runtime, including denial-of-service attacks and sandbox escapes.
- Three interesting sandbox escapes were detailed: 'Zero Is Not Null', 'Phantom Block Parameter', and 'Ghost in the Stack'.
- The vulnerabilities exploited mismatches between the validator and VM, improper initialization, and host function signature mismatches.
- The methodology involved using AI agents (like Gemini and Claude) with scripts and skills to investigate specific code areas against WASM specifications.