Anonymous researcher bikini published exploit code; at least two zero-days already being used
Two critical bugs, a removed GitHub repo, and detection rules built in response show how fast weaponization happens.

An anonymous researcher known as bikini released what they called working exploit code for zero-day vulnerabilities across 15 products and open source projects in a now-removed GitHub repository called exploitarium, which bundled the exploit code with vulnerability write-ups. The immediate consequence for decision-makers: the Register reports that attackers were already exploiting at least two of the disclosed vulnerabilities, including those in libssh2 and Gitea, before vendors or maintainers were notified.
The two heaviest hitters are already in the blast radius. CVE-2026-55200 is a critical pre-authentication remote code execution issue in libssh2, a popular client-side C library implementing the SSH2 protocol. The described path to compromise is straightforward and ugly: remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory, leading to remote code execution. A fix has been merged into libssh2 mainline development, but maintainers are still preparing a libssh2 release containing the patch. The second is CVE-2026-20896, a critical authentication bypass impacting self-hosted Gitea Docker deployments, where unauthenticated remote attackers can impersonate any user and fully take over the Git server. That one is fixed in Gitea 1.26.3.
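The libssh2 bug described above belongs to a well-known class: a length field taken from the network is used to size a heap buffer or a copy before it is checked. The following is an added example, not libssh2's code and not taken from the exploitarium repository; it is a minimal reader for the SSH Binary Packet Protocol framing (RFC 4253 section 6) that rejects an oversized packet_length before any allocation or copy is derived from it. The constant names, the `ssh_parse_packet` and `ssh_build_packet` functions, the status codes and the sample packets are all assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Wire layout (RFC 4253 s6): uint32 packet_length | byte padding_length | payload | padding | MAC.
 * packet_length covers padding_length, payload and padding, not itself and not the MAC. */

#define SSH_MAX_PACKET_LENGTH 35000u /* RFC 4253 s6.1 ceiling every peer must accept; anything above is refused */
#define SSH_MIN_PACKET_LENGTH 5u     /* padding_length byte plus the minimum 4 bytes of padding */
#define SSH_BLOCK_SIZE 8u            /* alignment unit before a cipher is negotiated */

enum ssh_parse_status {
    SSH_PARSE_OK = 0,
    SSH_PARSE_TRUNCATED,   /* buffer holds fewer bytes than the claimed length */
    SSH_PARSE_TOO_LARGE,   /* packet_length above the protocol ceiling */
    SSH_PARSE_BAD_LENGTH,  /* packet_length below the minimum or not block aligned */
    SSH_PARSE_BAD_PADDING  /* padding_length inconsistent with packet_length */
};

typedef struct {
    uint32_t packet_length;
    uint8_t padding_length;
    const uint8_t *payload;
    size_t payload_len;
} ssh_packet_t;

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Validate the framing before packet_length is used to size anything. */
int ssh_parse_packet(const uint8_t *buf, size_t len, ssh_packet_t *out)
{
    if (buf == NULL || out == NULL || len < 5)
        return SSH_PARSE_TRUNCATED;

    uint32_t packet_length = read_be32(buf);

    /* packet_length is attacker controlled: bound it to the protocol ceiling first.
     * Passing it unchecked to malloc() or memcpy() is the pattern behind heap corruption. */
    if (packet_length > SSH_MAX_PACKET_LENGTH)
        return SSH_PARSE_TOO_LARGE;
    if (packet_length < SSH_MIN_PACKET_LENGTH || (packet_length + 4) % SSH_BLOCK_SIZE != 0)
        return SSH_PARSE_BAD_LENGTH;
    if ((size_t)packet_length + 4 > len)
        return SSH_PARSE_TRUNCATED; /* wait for more bytes rather than read past the buffer */

    uint8_t padding_length = buf[4];
    if (padding_length < 4 || (uint32_t)padding_length + 1 > packet_length)
        return SSH_PARSE_BAD_PADDING;

    out->packet_length = packet_length;
    out->padding_length = padding_length;
    out->payload = buf + 5;
    out->payload_len = packet_length - 1 - padding_length; /* cannot underflow: checked above */
    return SSH_PARSE_OK;
}

/* Encode a packet with RFC-conformant padding; used only to build sample input here. */
size_t ssh_build_packet(uint8_t *out, size_t cap, const uint8_t *payload, size_t payload_len)
{
    size_t pad = SSH_BLOCK_SIZE - ((4 + 1 + payload_len) % SSH_BLOCK_SIZE);
    if (pad < 4) pad += SSH_BLOCK_SIZE;
    size_t packet_length = 1 + payload_len + pad;
    size_t total = 4 + packet_length;
    if (packet_length > SSH_MAX_PACKET_LENGTH || total > cap || pad > 255) return 0;
    out[0] = (uint8_t)(packet_length >> 24); out[1] = (uint8_t)(packet_length >> 16);
    out[2] = (uint8_t)(packet_length >> 8);  out[3] = (uint8_t)packet_length;
    out[4] = (uint8_t)pad;
    memcpy(out + 5, payload, payload_len);
    memset(out + 5 + payload_len, 0, pad); /* real stacks use random padding bytes */
    return total;
}

/* Constructed sample: a 3-byte payload framed correctly. Returns payload length, or -status. */
long demo_well_formed(void)
{
    uint8_t wire[64];
    const uint8_t msg[] = { 0x14, 'h', 'i' }; /* message type byte plus two payload bytes */
    ssh_packet_t pkt;
    size_t n = ssh_build_packet(wire, sizeof wire, msg, sizeof msg);
    int st = ssh_parse_packet(wire, n, &pkt);
    return st == SSH_PARSE_OK ? (long)pkt.payload_len : -(long)st;
}

/* Constructed sample: a header claiming 0xFFFFFFFF bytes with only 8 bytes present. */
int demo_oversized(void)
{
    uint8_t huge[8] = { 0xFF, 0xFF, 0xFF, 0xFF, 0x04, 0, 0, 0 };
    ssh_packet_t pkt;
    return ssh_parse_packet(huge, sizeof huge, &pkt);
}

int main(void)
{
    printf("well-formed packet: payload_len=%ld\n", demo_well_formed());
    printf("oversized packet_length: status=%d (expect %d)\n", demo_oversized(), SSH_PARSE_TOO_LARGE);
    return 0;
}
```

The order of the checks is the point: the ceiling comparison runs on the raw 32-bit value before it is added to anything or compared against the buffer, so an arithmetic wrap cannot sneak a huge length past the later tests, and the truncation check means a parser that is fed data incrementally simply waits instead of reading beyond what it has.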
Why does this matter beyond the tech details? Because “responsible disclosure” is not just a moral vibe in cybersecurity, it is an operational timetable. When a researcher publishes exploit code without notifying vendors or maintainers first, it compresses the window defenders have to patch, monitor, and hunt. Even if fixes exist or get merged quickly, real-world patching is rarely instantaneous, especially for self-hosted Docker environments where the upgrade workflow can be messy, owners might be small teams, and audits lag.
The exploitarium repo, the Register reports, has since been removed by GitHub. But as the story notes, “nothing ever truly dies on the internet.” That is not just paranoia. Removed repositories often get mirrored, copied, or re-used in other tooling. In many cases, published proof-of-concept (PoC) code means attackers can skip a chunk of exploit development work and move straight to scanning for vulnerable instances. For executives, the implication is simple: treat removal as a speed bump, not a resolution. Assume the intelligence is already out, then focus on detection and mitigation.
The researcher’s stated behavior is also important for how boards and security leaders interpret the risk. Bikini did not appear to target a single vendor or camp. The Register says the disclosures cover purported vulnerabilities across multiple products and projects including libssh2, Splunk, RustDesk, 7-Zip, VLC, AnyDesk, OpenVPN, c-ares, Gitea, and Floci. The Register also highlights that bikini claimed none of the exploits in the repo have been reported, and that The Register has not verified these claims or whether the code works. Still, the “at least two already under attack” detail turns the story from “possible future risk” into “ongoing incident pressure.”
The Register also frames the hype around who might be behind the work and how. Other researchers, including Federal Signal analyst Ethan Andrews, suggested bikini used advanced AI models, specifically GPT-5.5 Codex, to automate fuzzing and vulnerability discovery. Andrews then built 44 KQL detection rules covering the full exploitarium repo, with language translation available for non-KQL stacks. He wrote that the most technically significant findings, namely libssh2 pre-auth heap write and the Gitea default Docker auth bypass, were independently verified as high-risk with active exploitation observed. He also noted that some disclosures were dismissed by the community as low-impact AI-fuzzing noise.
For decision-makers, that mix of automation, broad coverage, and fast operational response is the new reality. AI-assisted discovery can increase the volume of findings, including both signal and noise. But what bites defenders is the subset that aligns with real-world exposure: remote pre-auth paths, authentication bypasses in common deployment patterns, and systems where patch rollout is slow. Andrews’ move to detection rules is a reminder that even when you are waiting on a vendor release, you can still tighten monitoring and reduce dwell time.
So what should peers take from this? Boards and executives should treat this as a case study in how quickly exploit code can turn into active risk when disclosure is “publish now, notify later,” and when the affected footprint includes remote-access and self-hosted infrastructure. With a fix merged in libssh2 mainline but still awaiting a packaged release, and Gitea fixed in 1.26.3, the practical stakes are immediate: confirm whether you run vulnerable components, accelerate patching where fixes exist, and prioritize detection for the specific techniques described. The second-order outcome is that security teams should plan for faster intelligence-to-incident pipelines, where AI-fuzzing outputs translate into real attacker scanning and exploitation before the patch is even in the wild.