ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "Actually finding vulnerabilities using AI with Joshua Rogers"
Episode Synopsis
I chat with Joshua Rogers about a blog post he wrote as well as some bugs he submitted to the curl project. Joshua explains how he went searching for some AI tools to help find security bugs, and found out they can work, if you're a competent human. We discuss the challenges of finding effective tools, the importance of human oversight in triaging vulnerabilities, and how to submit those bugs to open source projects responsibly. It's a very sane and realistic conversation about what AI tools can and can't do, and how humans should be interacting with these things. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-10-ai-joshua-rogers/
More episodes of the podcast Open Source Security
Iocaine poisons bots with Gergely Nagy
12/01/2026
Anubis with Xe Iaso
05/01/2026
Rustls with Dirkjan and Joe
29/12/2025
TARmageddon with Alex Zenla
01/12/2025
Python Security with Seth Larson
24/11/2025
In God we trust