A flood of useful security reports
The idea of using large language models (LLMs) to discover security problems is not new. Googl [...]
Evaluating and mitigating the growing risk of LLM-discovered 0-days
red.anthropic.com
AI Slop & the Vulnerability Treadmill
It has not been a relaxing few months for software security teams. In December, React disclosed its first critical CVE: an unauthenticated remote code execution flaw in Server Components. In March, not only was Aqua Security’s Trivy, a widely-used security scanning tool, compromised twice in three weeks through a GitHub Actions misconfiguration, but hackers also
Grading AI 2027’s 2025 Predictions
How has AI progress compared to AI 2027 thus far?
Making frontier cybersecurity capabilities available to defenders
Claude Code Security is one step towards our goal of more secure codebases and a higher security baseline across the industry.
AI Model Discovers 22 Firefox Vulnerabilities in Two Weeks
Claude Opus 4.6 discovered 22 Firefox vulnerabilities in two weeks, including 14 high-severity bugs, as nearly 20% of all critical Firefox vulnerabilities were fixed in 2025. The AI also wrote working exploits for two bugs, demonstrating emerging capabilities that give defenders a temporary advantage but signal an accelerating arms race in cybersecurity.
cory.news
Talking fast and swearing more since 2004.
Partnering with Mozilla to improve Firefox’s security
Anthropic is an AI safety and research company that's working to build reliable, interpretable, and steerable AI systems.
cory.news
Talking fast and swearing more since 2004.
More, and More Extensive, Supply Chain Attacks
Open source components are getting compromised a lot more often. I did some counting, with a combination of searching, memory, and AI assistance, and we had two in 2026-Q1 ( trivy, axios), after four in 2025 ( shai-hulud, glassworm, nx, tj-actions), and very few historically [1]: Earlier attacks were generally compromises of single projects, but some time around Shai-Hulud in 2025-11 there sta
Who fixes the zero-days AI finds in abandoned software?
Anthropic's red team found 500+ critical vulnerabilities with Claude. But they focused on maintained software. The scarier problem is the long tail that nobody will ever patch.
The Future Hacker
AI Will Replace Hackers, But it Will Boost the Real Ones
Skynet Progress Report (updated)
Source I, for one, welcome our new insect overlords Kent Brockman in " Deep Space Homer ", The Simpsons In recent months Cy...
A Horrible Conclusion
Homepage for Addison Crump
Anthropic's Mythos set off a cybersecurity 'hysteria.' Experts say the threat was already here
The arrival of Anthropic's Mythos jolted banks, software giants and governments into reckoning with a new era of cyber attacks. But the threat is already here.
Introducing The Anthropic Institute
We’re launching The Anthropic Institute, a new effort to confront the most significant challenges that powerful AI will pose to our societies.
LLM Zero-Day Discovery: Why Container Isolation Fails
LLMs now find kernel zero-days at scale. Here's why container isolation fails and why hardware-enforced workload isolation must become the default.
Grading AI 2027’s 2025 Predictions
How has AI progress compared to AI 2027 thus far?
Grading AI 2027’s 2025 Predictions
How has AI progress compared to AI 2027 thus far?
Grading AI 2027’s 2025 Predictions
How has AI progress compared to AI 2027 thus far?
Discovering Negative-Days with LLM Workflows
It’s no longer just about reverse-engineering n-days. You can detect vulnerabilities in open-source repositories before a CVE is published - or even if they’re never published. Here’s how I built an LLM workflow to detect “negative-days” and “never-days”.
When an AI agent came knocking: Catching malicious contributions in Datadog’s open source repos | Datadog
Learn how Datadog detected and resolved issues from hackerbot-claw, an AI-powered automated attack campaign.
Partnering with Mozilla to improve Firefox’s security
Anthropic is an AI safety and research company that's working to build reliable, interpretable, and steerable AI systems.
We Reproduced Anthropic's Mythos Findings With Public Models
Anthropic framed Mythos and Project Glasswing as proof that frontier AI vulnerability research now needs gated access. We tested the public, patched cases with GPT-5.4 and Claude Opus 4.6 and found that the key building blocks are already accessible outside Glasswing, while reliable operationalization remains the real moat.
AI Finds Vulns You Can’t With Nicholas Carlini
Returning champion Nicholas Carlini comes back to talk about using Claude for vulnerability research, and the current vulnpocalypse. It’s all very high-brow ...
At Machine Speed · Matthias Ott
Web design engineer, UX designer, teacher, and speaker – helping teams build websites and digital products with a focus on CSS, accessibility, and performance.
[tl;dr sec] #315 - Securing OpenClaw, Top 10 Web Hacking Techniques of 2025, Discovering Negative-Days with LLMs
Minimal OpenClaw alternatives, scanning tools, and hardening guidance, PortSwigger's curated top web hacking techniques, open source GitHub Action to flag commits fixing vulnerabilities before they get a CVE
The vulnerability landscape in Q1 2026
This report provides statistical data on published vulnerabilities and exploits we researched during Q1 2026. It also includes summary data on the use of C2 frameworks in APT attacks.
Measuring AI agent autonomy in practice
Anthropic is an AI safety and research company that's working to build reliable, interpretable, and steerable AI systems.
Claude Opus 4.6
We’re upgrading our smartest model. Across agentic coding, computer use, tool use, search, and finance, Opus 4.6 is an industry-leading model, often by wide margin.
Unsupervised Learning NO. 515
Opus 4.6 Finds Vulns the Way Human Testers Do, The SaaSpocalypse, Malicious OpenClaw Skills, New Urgency in Building, and more