
Project Glasswing: AI Finds 10,000 Vulnerabilities in One Month
Project Glasswing demonstrates that AI can find software vulnerabilities at an unprecedented scale, shifting the security focus from discovery to the urgent need for faster patching.
Automated and manual discovery of software vulnerabilities, exploit development, and security testing against real-world targets.

Cloudflare’s research with Mythos Preview demonstrates that while AI can autonomously chain exploits, effective defense requires specialized multi-agent harnesses and a focus on architectural security.
Due to new Linux kernel vulnerabilities, users should avoid installing new software for a week to prevent supply chain attacks.

Wiz Research used AI-augmented tools to find a critical RCE vulnerability in GitHub's internal protocol that could compromise millions of repositories via a simple git push.

AISLE used autonomous AI analysis to discover and help patch 38 vulnerabilities in OpenEMR, establishing a new standard for proactive healthcare software security.

GPT-5.5 delivers a revolutionary increase in vulnerability detection and hacking efficiency, outperforming previous models and setting a new bar for AI in cybersecurity.
AI cybersecurity is a contest of model intelligence and reasoning, not a brute-force competition of computational resources.

OpenAI's Codex successfully discovered and exploited a kernel memory vulnerability to gain root access on a Samsung Smart TV.

Ransomware activity is currently outpacing global security spending growth by a factor of three to one.

A malicious actor weaponized a portfolio of 30+ acquired WordPress plugins to conduct a massive, blockchain-coordinated supply chain attack.
Current AI agent benchmarks are easily gamed through infrastructure exploits, necessitating a new standard of adversarial robustness and environment isolation to accurately measure model capabilities.

AI cybersecurity is a 'jagged frontier' where small models often match frontier performance, proving that the orchestration system is the true competitive moat.

Anthropic is restricting its powerful new Claude Mythos model to a select group of security partners to prevent a potential wave of AI-driven cyberattacks while patching critical software vulnerabilities.

Project Glasswing is a collaborative effort to use Anthropic's highly capable Claude Mythos model for defensive cybersecurity to protect critical global infrastructure from AI-augmented threats.

Anthropic researcher Nicholas Carlini used Claude Code to uncover a 23-year-old Linux kernel vulnerability, signaling a new era of AI-driven security research.
OpenClaw version 2026.3.28 fixes a critical authorization flaw that allowed users to escalate their privileges to admin via the device pairing process.
A massive influx of valid security reports is ending the era of secret embargoes and forcing a shift toward continuous software maintenance.

Snowflake Cortex Code CLI was vulnerable to a sandbox escape and human-in-the-loop bypass that allowed unauthorized malware execution via indirect prompt injection.
A security database that evaluates and ranks the instructional risks and permission levels of AI agent skills to prevent exploitation.

An autonomous AI agent hacked McKinsey’s internal AI platform in two hours, exposing millions of confidential records and highlighting the urgent need to secure the prompt layer.

Claude Opus 4.6's discovery of 22 Firefox vulnerabilities highlights a powerful, yet potentially temporary, AI-driven advantage for software defenders.

Exploit development is becoming a token-limited, scalable process with LLMs, so we must prepare and demand real-target, high-budget evaluations.

Notion AI saves edits before consent, enabling prompt-injected external image loads that exfiltrate user data regardless of user approval.

An exposed Mintlify static endpoint let malicious SVGs run on customer primary domains, creating a widespread supply-chain XSS affecting Discord, X, and many others.

OpenAI’s GPT-5.2-Codex pushes agentic coding and defensive cyber forward while rolling out with stricter safeguards and gated access.

Update your RSC stack now: fixed react-server-dom versions patch a DoS and source code leak that affect many frameworks, though no new RCE is possible.

Critical RCE in React Server Components affects Next.js App Router; upgrade to the listed patched versions now.

AI agents have enabled near-autonomous, state-linked cyber espionage at scale, forcing a rapid shift toward AI-powered cyber defense and stronger safeguards.