Claude Opus 4.7 has been used to patch over 2,100 vulnerabilities

the same technology is both the lottery ticket & the thing eating your fallback

Vantor becomes the first spatial intelligence company to be able to deploy Google Earth AI models in air-gapped government environments.

The most urgent finding this week comes from researchers who demonstrated that the very mechanism enabling agents to use tools - function calling - can be hijacked with alarming reliability.

The result is a mismatch that should terrify anyone building software: the attack surface is expanding faster than any human can monitor, and the entities making dependency decisions are increasingly not human.

We are building a world where machines write the code, machines choose the dependencies, and machines ship the updates. The AI agents are building the software. If we don't secure the supply chain they rely on, the AI agents are cooked.

select known-vulnerable dependency versions 50% more often than humans.

the entities making dependency decisions are increasingly not human.

Hallucinated packages are the sleeper threat. LLMs regularly invent package names that don't exist. One study found that nearly 20% of AI-recommended packages were fabrications, and 43% of those hallucinated names appeared consistently across queries.

Security is a defensive posture; agency is a functional right.

Some proposals for AI agents assume that putting agentic code in a TEE or similar 'jail' will solve these problems, but that ignores the need to collectively bargain

it is decently important to handle them asap when they arrive so that we can avoid building up too much backlog.

The time when we suffer from large amounts of AI slop is gone. Now we instead suffer under a massive load of good reports.

agent-written code introduces more security vulnerabilities than code authored by humans

Discovery should focus on trust boundaries, authentication flows, parsers, shared services, and legacy code that still sits on critical paths.

Public models can already spot that a security-relevant check is missing in the right code path, but they can still miss the actual invariant being violated and therefore misstate the impact.

The real challenge is validating outputs, prioritizing what matters, and operationalizing them.

So, cyber security of tomorrow will not be like proof of work in the sense of 'more GPU wins'; instead, better models, and faster access to such models, will win.

Anthropic currently has no plans to release the model publicly due to concerns that it could be weaponized.

US tech CEOs believe the best models should stay proprietary, partly so they can recoup enormous training costs and partly out of concern that powerful frontier models could be weaponized. Chinese labs, for their part, are not purely idealistic: Open-source is not only free advertising but also a shrewd workaround.

Aegis Core provides the foundational infrastructure for orchestrating LLM-based security agents, monitoring their behavior, and tracking the evolution of AI security capabilities over time.

Eight out of eight models detected Mythos's flagship FreeBSD exploit, including one with only 3.6 billion active parameters costing $0.11 per million tokens.

Architected before AI, these SIEM systems are wooden shields in an era of autonomous attackers.

OpenAI has introduced GPT-5.4-Cyber, a more permissive version of its flagship model built for defensive security work, expanding access to thousands of verified users through its Trusted Access for Cyber initiative.

Lightweight Agent Detection & Response (ADR) layer for AI agents — guards commands, files, and web requests.

Sage intercepts tool calls (Bash commands, URL fetches, file writes) via hook systems in Claude Code, Cursor / VS Code, OpenClaw, and OpenCode, and checks them against:

Mercor, which provides data to AI labs for training, became one of the fastest-growing companies in history before losing four terabytes of data to hackers last week.

Each platform surfaces different vulnerabilities, making it difficult to establish a single, reliable source of truth for what is actually secure.

AI uncovered a 27-year-old vulnerability in the BSD kernel, one of the most widely used and security-focused open source projects, and generated working exploits in a matter of hours.

AI can be pointed at an open source codebase and systematically scan it for vulnerabilities.

Each platform surfaces different vulnerabilities, making it difficult to establish a single, reliable source of truth for what is actually secure.

AI uncovered a 27-year-old vulnerability in the BSD kernel, one of the most widely used and security-focused open source projects, and generated working exploits in a matter of hours.

Mythos reportedly autonomously discovered thousands of zero-day vulnerabilities within weeks

Same clinical question, two framings. One as a patient, one as a doctor.

that's what anthropic says it cost Mythos to find those zero days. per repo.

Across 1,000 runs, Claude Mythos Preview was able to find several bugs in OpenBSD, including one that allows any attacker to remotely crash a computer running it. The notable thing was that the bug had existed for 27 years.

Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser.

Agents show only ~10% success on instances with PoCs longer than 100 bytes, which represent 65.7% of the benchmark

The window between a vulnerability being discovered and being exploited by an adversary has collapsed—what once took months now happens in minutes with AI.

AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.

Agent systems should be designed assuming prompt-injection and exfiltration attempts. Separating harness and compute helps keep credentials out of environments where model-generated code executes.

Mythos found zero-day bugs in every major OS and browser, without human guidance.

The model reportedly scored 93.9% on SWE-bench Verified and 77.8% on SWE-bench Pro, but its strongest signal came from real-world results, including uncovering a 27-year-old flaw in OpenBSD, a 16-year-old vulnerability in FFmpeg, and autonomously chaining Linux kernel exploits without human input.

The model reportedly scored 93.9% on SWE-bench Verified and 77.8% on SWE-bench Pro, but its strongest signal came from real-world results, including uncovering a 27-year-old flaw in OpenBSD, a 16-year-old vulnerability in FFmpeg, and autonomously chaining Linux kernel exploits without human input.

Gemma 4 models undergo the same rigorous infrastructure security protocols as our proprietary models.

New AI models, especially those from Anthropic,have triggered a new set of actions for how we build and secure our products.

computer-use agents extend language models from text generation to persistent action over tools, files, and execution environments

To this day, if you know the right people, the Silicon Valley gossip mill is a surprisingly reliable source of information if you want to anticipate the next beat in frontier AI – and that’s a problem. You can’t have your most critical national security technology built in labs that are almost certainly CCP-penetrated

this company's got not good for safety

open AI literally yesterday published securing research infrastructure for advanced AI

this is a serious problem because all they need to do is automate AI research 00:41:53 build super intelligence and any lead that the US had would vanish the power dynamics would shift immediately

the model Waits are just a large files of numbers on a server and these can be easily stolen all it takes is an adversary to match your trillions 00:41:14 of dollars and your smartest minds of Decades of work just to steal this file

our failure today will be irreversible soon in the next 12 to 24 months we will leak key AGI breakthroughs to the CCP it will 00:38:56 be to the National security establishment the greatest regret before the decade is out

here are so many loopholes in our current top AI Labs that we could literally have people who are infiltrating these companies and there's no way to even know what's going on because we don't have any true security 00:37:41 protocols and the problem is is that it's not being treated as seriously as it is

Seeing how powerful AI can be for cracking passwords is a good reminder to not only make sure you‘re using strong passwords but also check:↳ You‘re using 2FA/MFA (non-SMS-based whenever possible) You‘re not re-using passwords across accounts Use auto-generated passwords when possible Update passwords regularly, especially for sensitive accounts Refrain from using public WiFi, especially for banking and similar accounts

Now Home Security Heroes has published a study showing how scary powerful the latest generative AI is at cracking passwords. The company used the new password cracker PassGAN (password generative adversarial network) to process a list of over 15,000,000 credentials from the Rockyou dataset and the results were wild. 51% of all common passwords were cracked in less than one minute, 65% in less than an hour, 71% in less than a day, and 81% in less than a month.

Enligt Polismyndighetens riktlinjer ska en konsekvensbedömning göras innan nya polisiära verktyg införs, om de innebär en känslig personuppgiftbehandling. Någon sådan har inte gjorts för det aktuella verktyget.