Etiquetas: software vulnerabilities

OpenAI unveiled Daybreak, a new AI‑driven security platform that combines its latest GPT‑5.5‑Cyber models with the Codex Security agent. Designed to map an organization’s code, predict attack paths and auto‑detect high‑risk flaws, Daybreak aims to stay a step ahead of cyber attackers. The rollout follows Anthropic’s controversial Claude Mythos release and marks OpenAI’s first foray into dedicated vulnerability‑prevention tooling, with the company pledging collaboration with industry and government partners as the service scales. Leer más

Mozilla’s Firefox team says Anthropic’s new Mythos model has identified dozens of high‑severity vulnerabilities, many lurking for over a decade. The AI‑driven scans helped the browser ship 423 bug fixes in April 2026, a stark jump from 31 the previous year. Researchers credit the model’s ability to self‑filter false positives and generate detailed reports, though human engineers still write and review patches. The breakthrough signals a shift in software security, but Mozilla warns that attackers could eventually co‑opt similar tools. Leer más

Anthropic announced the limited release of Claude Mythos Preview, an AI model that can autonomously discover software flaws and generate working exploits. The company has placed the model in the hands of a select group of tech giants—including Microsoft, Apple, Google, and the Linux Foundation—through a consortium called Project Glasswing. Security experts say the system could dramatically lower the skill bar for creating multi‑stage exploit chains, prompting a reassessment of how organizations develop, patch, and defend software. Government officials are already discussing the potential fallout, underscoring the model’s far‑reaching implications. Leer más

Anthropic announced it will restrict access to its latest large‑language model, Mythos, citing the model’s advanced ability to uncover software vulnerabilities. Instead of a public rollout, the company will share Mythos with a select group of large enterprises, including Amazon Web Services and JPMorgan Chase. The move mirrors a broader industry trend of tightening model distribution to protect critical infrastructure and to curb the rise of model distillation that threatens frontier lab revenues. Analysts suggest the strategy also positions Anthropic for lucrative enterprise contracts while keeping competitors at bay. Leer más

Anthropic announced that its latest Claude model, dubbed Mythos, can locate and exploit software vulnerabilities at a level that rivals top human experts. Because the technology poses a significant security risk if released publicly, the company is restricting access to a select group of infrastructure providers through a new initiative called Project Glasswing. The consortium, which includes Apple, Amazon Web Services, Microsoft, Google and more than 40 other firms, will receive $100 million in usage credits and $4 million in donations to open‑source security projects. Anthropic says the partnership aims to shore up defenses before malicious actors can weaponize the model. Leer más

Anthropic has rolled out Claude Mythos Preview, a new AI model under the Project Glasswing initiative, to a handful of defensive‑security partners. The model, which the company says can identify high‑severity vulnerabilities across major operating systems and browsers without human guidance, will initially be available only to firms like JPMorgan Chase, Cisco and the Linux Foundation. Anthropic is backing the launch with up to $100 million in usage credits and a $4 million donation to open‑source foundations, while also holding preliminary talks with U.S. officials about its offensive and defensive capabilities. Leer más

Anthropic announced Tuesday that its newest frontier AI model, Mythos, will be deployed in a restricted preview for twelve leading tech firms under a new initiative called Project Glasswing. The model, described as the company’s most powerful to date, will scan both proprietary and open‑source software for zero‑day vulnerabilities. Anthropic says Mythos has already identified thousands of critical bugs, many decades old, and will be used for defensive security work while the firm continues discussions with U.S. officials about its broader applications. Leer más

Anthropic partnered with Mozilla to run its Claude Opus 4.6 AI on Firefox’s codebase for two weeks. The effort uncovered 22 separate vulnerabilities, including 14 classified as high‑severity. Most bugs were patched in Firefox 148, while a few remain for the next release. The AI proved better at identifying flaws than creating exploit code, with only two proof‑of‑concept exploits produced after spending $4,000 in API credits. The findings highlight the power of AI tools for open‑source security reviews, even as they generate a mix of useful and noisy contributions. Leer más

OpenClaw, the AI assistant that lets users manage tasks through messaging apps, is facing serious security concerns after researchers uncovered malware hidden in user‑submitted skill add‑ons on its ClawHub marketplace. Over a short period, dozens of malicious skills and hundreds of malicious add‑ons were identified, many posing as cryptocurrency tools while stealing sensitive credentials. The creator, Peter Steinberger, has introduced new publishing safeguards, but the risk of malicious code remains a notable attack surface for users granting the assistant deep device access. Leer más

OpenAI responded to two prompt‑injection exploits—ShadowLeak and Radware's ZombieAgent—by limiting how ChatGPT handles URLs. The new guardrails restrict the model to opening only exact URLs supplied by users and block automatic appending of characters. While these changes stopped the immediate threats, experts warn that such fixes are temporary and that more fundamental solutions are needed to secure AI assistants. Leer más