Amazing stuff! What a conundrum!
"Mythos discovers bugs and vulnerabilities faster than patches
Anthropic and its approximately 50 Project Glasswing partners used Claude Mythos Preview to discover over 10,000 high- or critical-severity vulnerabilities across critical software systems in the first month after Glasswing’s April 2026 launch — including both partner codebases and over 1,000 open-source projects scanned by Anthropic itself.
The real problem has become obvious: nobody can fix them fast enough. Cloudflare alone surfaced 2,000 bugs—400 critical—with fewer false positives than human testers would generate.
Mozilla patched 271 vulnerabilities in Firefox 150, more than ten times the count from previous Claude versions.
Yet of 530 critical bugs disclosed across the program, only 75 have been patched so far, with high-severity fixes averaging two weeks to roll out.
Anthropic scanned over 1,000 open-source projects and confirmed that 90.6 percent of flagged issues were valid after manual review.
The asymmetry matters: attackers with access to similar models could soon exploit this window between discovery and remediation, while maintainers remain swamped by the sheer volume of findings."
"Last month, we launched Project Glasswing, our collaborative effort to secure the world’s most critical software before increasingly capable AI models can be turned against it.
Since then, we and our approximately 50 partners have used Claude Mythos Preview to find more than ten thousand high- or critical-severity vulnerabilities across the most systemically important software in the world. ..."
Our dashboard of open-source vulnerabilities, showing vulnerabilities of all severities (rather than only those estimated high- or critical-severity by Mythos Preview).