vulnerability research (4 articles)
EU's Cyber Watchdog Gets Access to Anthropic's Scary Vulnerability-Finding AI
Anthropic has agreed to grant the EU's cybersecurity agency ENISA access to its powerful AI model, Mythos, through Project Glasswing — making ENISA the first European entity to join the initiative. Mythos has drawn significant concern due to its ability to autonomously discover and exploit software vulnerabilities at unprecedented speed and scale, raising fears about lowering the barrier for sophisticated cyberattacks. While the European Commission views the access as essential for assessing AI-related cyber risks, the terms are still being negotiated, and it remains unclear whether the US agency CISA has been granted similar access.
Prize-winning hacker thinks AI might make her obsolete — and she's not wrong to worry
Valentina Palmiotti ("Chompie"), the top individual performer at the Pwn2Own Berlin hacking competition, who has herself won $70,000 in prizes, warns that powerful AI tools like Claude Mythos may soon make human ethical hackers obsolete. While AI currently helps hackers work faster, she believes emerging models will quickly take over the discovery of common vulnerabilities, leaving only the most elite human researchers competitive. Despite concerns about AI aiding criminal hackers, Chompie remains cautiously optimistic that AI will ultimately benefit cybersecurity defenders more than attackers, provided powerful tools are released responsibly.
Anthropic Plans Public Release of Mythos Bug-Hunter, Admits Nobody Has the Safeguards to Do It Yet
Anthropic has announced plans to eventually make its Mythos AI model, which excels at finding security vulnerabilities in code, publicly available, but only once sufficient safeguards are developed, which the company admits do not yet exist. In the meantime, access is being expanded through its "Project Glasswing" programme to additional partners, including allied governments. Mythos has already identified over 23,000 flaws across 1,000+ open-source projects, but the volume of discoveries is straining an already overloaded security ecosystem, and many maintainers are struggling to keep pace with the reported vulnerabilities.
Anthropic's Claude Mythos Is Finding Bugs Faster Than Anyone Can Fix Them
Anthropic's Claude Mythos Preview AI model, working with around 50 partners through Project Glasswing, identified over 10,000 critical security vulnerabilities in system-critical software within just one month, with some partners reporting a tenfold increase in bug discovery rates. However, the pace of discovery far outstrips the ability of organizations to verify and patch the flaws, with only 97 of 23,019 open-source vulnerabilities found having been fixed so far. Anthropic warns this creates a dangerous transition period where AI models can rapidly find and potentially exploit vulnerabilities faster than defenders can respond, and acknowledges that no company currently has safeguards strong enough to prevent misuse of such capabilities.