AI agent finds more security flaws than human hackers at Stanford

"It also produced more false positives than humans, sometimes mistaking harmless network signals for signs of a successful breach. The researchers noted that the system performs best in environments dominated by text-based inputs and outputs."

How many more? The article doesn't say.

Paper: https://arxiv.org/abs/2512.09882

WSJ feature: https://www.wsj.com/tech/ai/ai-hackers-are-coming-dangerousl... (https://archive.ph/L4gh3)

If the security flaws are in the training data AI will be able to detect them, stuff like OWASP are definitely in the training data. So in a way this is like more intelligent fuzzing, which is a fantastic tool to have in your toolbox. But I doubt AI will be able to detect novel security flaws that are not included in its training data.