AI-assisted audit finds 11 Wasmtime vulnerabilities across supported releases

An AI-driven audit found 11 of 12 Wasmtime advisories in three weeks, including issues backported across four supported release lines.

Jamie Taylor · 2 min read
Source: bytecodealliance.org

Wasmtime’s latest security release raised a sharper question for Rust infrastructure than a simple advisory dump: can AI help auditors find real bugs in critical runtimes without loosening the review bar? The answer, at least in this case, was yes. The Bytecode Alliance shipped Wasmtime 43.0.1, 42.0.2, 36.0.7 and 24.0.7 on April 9, 2026, fixing 12 distinct security advisories, including two rated Critical. Eleven of those advisories were found with new LLM-based tools, making this the largest batch of advisories Wasmtime has ever published at once.

The effort came out of a three-week sprint in which researchers from Mozilla, the University of California, San Diego, Akamai and F5 used a multi-agent harness built around a frontier AI model to dig through Wasmtime’s most security-sensitive code. That meant the Cranelift and Winch backends, along with unsafe Rust paths in the runtime itself. The key detail for Rust developers is not that AI replaced expertise, but that it helped concentrate human attention where the risk was highest, and it did so in a codebase already built around Rust’s safety story.

One of the advisories illustrates the kind of bug the audit turned up. A heap out-of-bounds read in component-model UTF-16 to latin1+utf16 string transcoding affected versions through 24.0.6, 36.0.6, 42.0.1 and 43.0.0, and was patched in the four releases shipped on April 9. Another issue in the same release set was a low-severity report from a user that affected only the then-latest stable 43.0.0, separate from the AI-assisted findings.

The scale of the release matters because Wasmtime is not a throwaway dependency. The project now supports long-term-support releases that receive security fixes for two years after their initial release, and it ships a new version every month. The Bytecode Alliance says Wasmtime’s security posture includes Rust as the implementation language, cargo vet for dependency auditing, broad fuzzing, Miri coverage for unsafe code, Spectre mitigations and formally verified components in Cranelift. It also says Wasmtime is the first Bytecode Alliance Core Project, after a unanimous board decision based on governance, security, CI/CD, community health and production adoption.

For Rust teams embedding Wasmtime, the practical takeaway is clear. AI did not relax the security bar here. It found 11 vulnerabilities inside a runtime already designed for hardening, then handed maintainers a bigger, better-focused audit queue. That is the workflow shift worth watching, because the next critical runtime audit may start looking a lot more like this one.
