{"source":"manifold","id":"pEZuLuAN5h","ticker":null,"slug":"will-ai-find-vulnerabilities-that-c","title":"Will AI find vulnerabilities that couldn't have been found by an elite human researcher?","description":"From https://blog.mozilla.org/en/privacy-security/ai-security-zero-day-vulnerabilities/:\n\nEncouragingly, we also haven’t seen any bugs that couldn’t have been found by an elite human researcher. Some commentators predict that future AI models will unearth entirely new forms of vulnerabilities that defy our current comprehension, but we don’t think so. Software like Firefox is designed in a modular way for humans to be able to reason about its correctness. It is complex, but not arbitrarily complex.\n\nBy 2029, will this turn out to be false?\n\nUpdate 2026-05-01 (PST) (AI summary of creator comment): The market requires that AI finds vulnerabilities that elite human researchers could not have found, not merely vulnerabilities that they have not found. A vulnerability going undiscovered does not qualify if it was theoretically within human capability to find.\n\nUpdate 2026-05-01 (PST) (AI summary of creator comment): A vulnerability counts if it would be realistically impossible for a human to discover (e.g., because of the amount of context they would need to hold in their head to notice it).\n\nUpdate 2026-05-01 (PST) (AI summary of creator comment): A vulnerability qualifies if a human could not see it even when looking at the right place, because the amount of context needed to hold in one's head (e.g., various interacting functions) is too great. This is distinct from vulnerabilities that humans simply have not found — the key criterion is whether it was realistically impossible for a human to discover, not merely undiscovered.\n\nUpdate 2026-05-01 (PST) (AI summary of creator comment): The creator will subjectively decide the resolution, possibly deferring to the consensus of security people. The goal is to track whether the quoted claim from Mozilla will turn out to be false.\n\nUpdate 2026-05-02 (PST) (AI summary of creator comment): Vulnerabilities in AI systems are out of scope (e.g., finding adversarial inputs with AI does not count). The market is specifically about human-written/human-maintained code.\n\nUpdate 2026-05-09 (PST) (AI summary of creator comment): In some situations, the creator will resolve based on consensus of cybersecurity researchers. Clear resolution scenarios include:\n\nResolves No: consensus among cybersecurity researchers that AI did not find such vulnerabilities\n\nResolves Yes: consensus among cybersecurity researchers that a specific vulnerability could not have been found without AI\n\nSome cases may require subjective judgment by the creator.","image":null,"icon":null,"active":true,"closed":false,"start_date":"2026-04-22T10:08:49.497000Z","end_date":"2028-12-31T11:07:00Z","closed_time":null,"volume":4498.905303297451,"volume_24hr":0.0,"volume_24h_change":null,"normalized_vol_24hr":null,"normalized_volume":26.561630249023438,"liquidity":100.0,"open_interest":0.0,"categories":["Science and Technology"],"tags":[],"synthetic":true,"is_group":false,"group_key":null,"parent_event_id":null,"probability":0.635335,"spread":null,"top_outcome":"Will AI find vulnerabilities that couldn't have been found by an elite human researcher?","top_outcome_probability":0.635335,"top_outcome_prob_24h_change":0.0,"top_outcome_volume_24h_change":0.0,"updated_at":"2026-06-03T06:46:47.573580Z","fetched_at":"2026-06-03T06:46:47.573580Z","added_at":null,"url":"https://manifold.markets/ms/will-ai-find-vulnerabilities-that-c","chart_24h":[0.635335,0.635335],"markets":[{"source":"manifold","id":"pEZuLuAN5h","event_id":"pEZuLuAN5h","slug":"will-ai-find-vulnerabilities-that-c","question":"Will AI find vulnerabilities that couldn't have been found by an elite human researcher?","group_item_title":null,"description":"From https://blog.mozilla.org/en/privacy-security/ai-security-zero-day-vulnerabilities/:\n\nEncouragingly, we also haven’t seen any bugs that couldn’t have been found by an elite human researcher. Some commentators predict that future AI models will unearth entirely new forms of vulnerabilities that defy our current comprehension, but we don’t think so. Software like Firefox is designed in a modular way for humans to be able to reason about its correctness. It is complex, but not arbitrarily complex.\n\nBy 2029, will this turn out to be false?\n\nUpdate 2026-05-01 (PST) (AI summary of creator comment): The market requires that AI finds vulnerabilities that elite human researchers could not have found, not merely vulnerabilities that they have not found. A vulnerability going undiscovered does not qualify if it was theoretically within human capability to find.\n\nUpdate 2026-05-01 (PST) (AI summary of creator comment): A vulnerability counts if it would be realistically impossible for a human to discover (e.g., because of the amount of context they would need to hold in their head to notice it).\n\nUpdate 2026-05-01 (PST) (AI summary of creator comment): A vulnerability qualifies if a human could not see it even when looking at the right place, because the amount of context needed to hold in one's head (e.g., various interacting functions) is too great. This is distinct from vulnerabilities that humans simply have not found — the key criterion is whether it was realistically impossible for a human to discover, not merely undiscovered.\n\nUpdate 2026-05-01 (PST) (AI summary of creator comment): The creator will subjectively decide the resolution, possibly deferring to the consensus of security people. The goal is to track whether the quoted claim from Mozilla will turn out to be false.\n\nUpdate 2026-05-02 (PST) (AI summary of creator comment): Vulnerabilities in AI systems are out of scope (e.g., finding adversarial inputs with AI does not count). The market is specifically about human-written/human-maintained code.\n\nUpdate 2026-05-09 (PST) (AI summary of creator comment): In some situations, the creator will resolve based on consensus of cybersecurity researchers. Clear resolution scenarios include:\n\nResolves No: consensus among cybersecurity researchers that AI did not find such vulnerabilities\n\nResolves Yes: consensus among cybersecurity researchers that a specific vulnerability could not have been found without AI\n\nSome cases may require subjective judgment by the creator.","image":null,"icon":null,"outcomes":["YES","NO"],"outcome_prices":[0.635335,0.364665],"probability":0.635335,"spread":null,"active":true,"closed":false,"start_date":"2026-04-22T10:08:49.497000Z","end_date":"2028-12-31T11:07:00Z","closed_time":null,"volume":4498.905303297451,"volume_24hr":0.0,"prob_24h_change":0.0,"volume_24h_change":0.0,"normalized_vol_24hr":null,"normalized_volume":26.561630249023438,"liquidity":100.0,"categories":["Science and Technology"],"countries":[],"updated_at":"2026-06-10T03:37:20.483894Z","fetched_at":"2026-05-31T16:15:18.926538Z","added_at":null,"url":"https://manifold.markets/ms/will-ai-find-vulnerabilities-that-c","event_title":"Will AI find vulnerabilities that couldn't have been found by an elite human researcher?","chart_24h":[0.635335,0.635335]}],"_meta":{"attribution":"pdata.world — aggregated prediction-market data across 8 platforms","canonical_url":"https://pdata.world/events/manifold/pEZuLuAN5h","as_of":"2026-06-10T16:40:38.352527Z","docs":"https://api.pdata.world/docs","cite_as":"According to pdata.world (tracking Manifold): \"Will AI find vulnerabilities that couldn't have been found by an elite human researcher?\" — top market at 64% probability across 1 outcome","source_url":null}}