Disclosures·Feb 3, 2026·8 min read
The Recent CVEs in React and Node.js Were Found by an AI
Two upstream CVEs, one in Node.js and one in React, came out of the same automated research loop. The real story is less magical and more useful: what the system actually did, where it guessed, and why verified AI bug hunting now matters.
