AISLE for Open Source

AISLE is committed to helping keep Open Source projects safe and secure. Our AI-powered analyzer is already making a difference in some of the most tested code bases on the planet.

Request Access

Currently in private beta — access is granted after install.

Proven on the world's most heavily audited code bases

OpenSSL logocURL logoLinux logoChromium logoApache logoMozilla logoRedis logoSQLite logo
Getting Started

First results in minutes

01Install app

Add AISLE to your organization or repository from the GitHub Marketplace. One click, no configuration files.

02Select repo

Choose which repositories to enable. The bot stays dormant until explicitly triggered — no surprise comments.

03Tag analyzer

Mention @aisle-security in any PR comment. The bot analyzes the change and posts findings directly in the thread.

Access is currently allow-listed. After installing the app, our team will enable the bot. Until approved, tagging @aisle-security won't trigger a response.

In Production

Running on projects trusted by millions

Add ASCON-AEAD128 cipher implementation per NIST SP 800-232 #29934

Open

evil-cry wants to merge into openssl:master from evil-cry:feature/ascon128

t8m

@aisle-security

👀1
aisle-securitybot

🔒Aisle Security Analysis

We found 6 potential security issue(s) in this PR:

#SeverityTitle
1MediumOut-of-bounds write in ASCON-AEAD128 provider update due to missing outsize validation
2MediumASCON-AEAD128 provider init can silently reuse stale key when key and IV are set in multiple steps
3LowAscon-AEAD128 manpage omits critical nonce-uniqueness and tag-verification guidance
4LowASCON-AEAD128 decryption releases plaintext before tag verification (unauthenticated plaintext on tag failure)
5LowASCON-AEAD128 registered in default provider without OPENSSL_NO_ASCON128 guard
6LowInconsistent disable token for ASCON-AEAD128 breaks configuration-based disabling

Each finding is detailed in a separate comment below.

levitte

The bot is quite correct that things need to be consistent, and that for something disablable, you have to insert it in the @disablables array in Cofnigure.

(I'm impressed by this catch!)

❤️1
View on GitHub →

http_aws_sigv4: fix query normalization #20550

Closed

bagder wants to merge into curl:master from feature/branch

bagder

@aisle-security thoughts?

👀1
aisle-securitybot

🔒Aisle Security Analysis

✅ We scanned this PR and did not find any security vulnerabilities.

Aisle supplements but does not replace security review.

View on GitHub →

Enable RFC 7919 FFDHE groups for TLS 1.2 server #24551

Closed

jvdsn wants to merge into openssl:master from jvdsn:tls1_2-rfc7919

mattcaswell

@aisle-security

👀1
aisle-securitybot

🔒Aisle Security Analysis

We found 1 potential security issue(s) in this PR:

#SeverityTitle
1MediumRFC7919 FFDHE compatibility check bypass for DHE-PSK cipher suites during server cipher selection

Each finding is detailed in a separate comment below.

View on GitHub →

"AI found 12 vulns in OpenSSL — the same codebase that had enormous scrutiny after Heartbleed. Some of these findings are complex and non-trivial discoveries. We are in a new era. Hat tip to AISLE."

Rob Joyce
Rob Joycefmr. NSA Cybersecurity Director
CTA background

Start finding vulnerabilities before they ship.

Request Access