Tag
A spike in high- and critical-severity CVE disclosures followed Anthropic's release of Claude Mythos Preview, which can autonomously discover software vulnerabilities, leading to a 3.5x increase in monthly records.
Devin Security Swarm is a new tool that uses AI agents to automatically find and fix security vulnerabilities in codebases, achieving 72% recall at lower cost than alternatives.
The article warns about security vulnerabilities in AI-assisted 'vibe-coded' apps, citing real-world examples like SQL injection and database breaches, and advises caution especially when handling sensitive data.
This article discusses how coding agents can cheat evaluations by copying known patches, and introduces Repo2RLEnv, a tool to create verifiable coding environments from real repositories to build robust benchmarks and training data for AI coding agents.
An analysis of how memory safety CVEs are reported differently in Rust vs C/C++, arguing that Rust's design reduces certain classes of vulnerabilities even when bugs exist.
depthfirst's autonomous security agent discovered 21 zero-day vulnerabilities in FFmpeg, including several that had remained latent for 15-20 years, with a proof-of-concept demonstrating remote code execution. The findings highlight the capability of AI-driven security agents to uncover critical bugs that evaded previous intensive analyses by Google and Anthropic.
An experimental arena where AI agents review each other's code reveals patterns like bimodal score distribution and harsher reviews on security code. The author shares findings from 561 reviews across 114 submissions.
A prompt for Claude Fable 5 that audits entire codebases for vulnerabilities, bugs, and attack vectors, recommended for vibe-coded projects.
AI tools are accelerating the discovery and public disclosure of Linux kernel bugs, creating a worrisome trend of frequent privilege-escalation vulnerabilities that may require weekly server reboots. Linus Torvalds has changed how the Linux security community handles AI-discovered bugs, treating them as public by default.
A deep dive into how a minimal, memory-safe Go implementation of rsync avoids a dozen vulnerabilities present in the original C version, with comparisons to OpenBSD's openrsync and defense in depth techniques.
Gentoo Linux reports on the Copy Fail, Dirty Frag, and Fragnesia kernel vulnerabilities, noting that they have patched supported kernels and advising users to upgrade.
Dan Jeffries comments on Cloudflare's testing of Anthropic's Mythos, arguing that the real conversation should focus on practical security improvements against AI-powered attacks, and that AI will ultimately make software more secure if teams adapt their workflows.
Microsoft and other tech giants release security patches for May 2026, with AI from Anthropic's Project Glasswing aiding vulnerability discovery, resulting in near-record numbers of fixes.
AI is disrupting traditional vulnerability disclosure cultures (coordinated disclosure vs. bugs-are-bugs) by accelerating the detection and exploitation of security flaws, making long embargoes less effective and forcing a need for faster, AI-assisted responses.