In three months, Codex Security has scanned 30,000 code repositories and over 30 million commits and fixed over 500,000 vulnerabilities, demonstrating the efficiency of AI automation.
OpenAI launches Daybreak expansion plan, aiming to automate vulnerability fixes with AI, addressing the current bottleneck in security where vulnerabilities are found but no one fixes them.
Anthropic has released an open-source reference implementation for autonomous vulnerability discovery and remediation using Claude, featuring a full pipeline (recon → find → verify → report → patch) with sandboxing support. It accompanies Claude Security, a hosted product for managing vulnerabilities across codebases.
Anthropic released an open-source code auditing reference harness for autonomous vulnerability discovery and remediation using Claude, covering a recon→find→triage→report→patch pipeline, primarily targeting C/C++ memory vulnerabilities. It is a template/reference implementation rather than a production-ready product, with a managed hosted option called Claude Security also available.
Anthropic expands access to its Mythos AI cybersecurity model to 150 additional organizations across more than 15 countries under Project Glasswing, including critical infrastructure sectors like power, water, healthcare, and communications.
Astra Security launches an autonomous pentest product that uses AI agents to find, validate, and fix vulnerabilities automatically.
Hyunseo Shin, Korea's #1 HackerOne hacker, shares a follow-up post detailing his AI-based vulnerability detection workflow using LLM agents to uncover open-source 0-days.
NVIDIA released SkillSpector, an open-source security scanner for AI agent skills that detects vulnerabilities like prompt injection and data exfiltration before installation.
PromptAudit is a controlled evaluation framework that isolates the effects of prompt formulations on LLM-based vulnerability detection, finding that chain-of-thought prompting achieves the best overall performance while prompt sensitivity must be treated as a first-class system property.
A commentary highlights that AI's ability to find more security vulnerabilities will increase the need for human engineers to triage and fix them, predicting a security engineer boom.
Anthropic's Project Glasswing has used Claude Mythos Preview to find over 10,000 high or critical severity vulnerabilities in critical software, with partners like Cloudflare reporting a tenfold increase in bug finding rates, highlighting the shift from discovery to patching as the bottleneck.
Cloudflare shares its experience with Anthropic's Mythos Preview model, which autonomously discovered high-severity vulnerabilities across major operating systems and web browsers. The model demonstrates senior-level reasoning in chaining exploit primitives but has inconsistent guardrails, highlighting the need for hardened safeguards before public release.
Cybersecurity startup Depthfirst claims its AI model discovered critical vulnerabilities missed by Anthropic's Mythos system, achieving the same results at one-tenth the cost.
Microsoft's MDASH multi-agent AI system, using over 100 specialized agents, surpasses Anthropic's Mythos on the CyberGym cybersecurity benchmark by effectively finding and confirming real-world software vulnerabilities.
DeepTeam is a free, open-source tool that implements 20+ state-of-the-art attacks to detect over 50 LLM vulnerabilities, including bias and PII leakage, running locally without a dataset.
Mozilla used Claude Mythos Preview to systematically find and fix hundreds of security vulnerabilities in Firefox, dramatically increasing its bug-fix rate from around 20-30 per month to 423 in April 2026.
Mozilla details how they used Claude Mythos Preview and other AI models to identify and fix a significant number of latent security bugs in Firefox, demonstrating a shift in the efficacy of AI for code hardening.
Firefox 150 shipped with 271 security fixes found by Anthropic’s Claude Mythos Preview, marking a major AI-driven win for defensive security.
Mozilla used Anthropic's Claude Mythos Preview AI to find and fix 271 zero-day vulnerabilities in Firefox 150, marking a major shift in cybersecurity where AI enables defenders to decisively outpace attackers.
The UK AI Safety Institute's evaluation of Claude Mythos shows that AI-driven security vulnerability detection creates a new economic model where cybersecurity becomes a token-spending competition, incentivizing continuous investment in security reviews and making open-source libraries more valuable as shared security infrastructure.