When Your Agent Finds a Vulnerability
An Anthropic researcher found a 23-year-old Linux kernel vulnerability using Claude Code and a 10-line bash script. 22 Firefox CVEs followed.
Claude Code Found a Linux Vulnerability Hidden for 23 Years
mtlynch.ioClaude Code has gotten extremely good at finding security vulnerabilities, and this is only the beginning.
cory.news
Talking fast and swearing more since 2004.
cory.news
Talking fast and swearing more since 2004.
More, and More Extensive, Supply Chain Attacks
Open source components are getting compromised a lot more often. I did some counting, with a combination of searching, memory, and AI assistance, and we had two in 2026-Q1 ( trivy, axios), after four in 2025 ( shai-hulud, glassworm, nx, tj-actions), and very few historically [1]: Earlier attacks were generally compromises of single projects, but some time around Shai-Hulud in 2025-11 there sta
LLM Zero-Day Discovery: Why Container Isolation Fails
LLMs now find kernel zero-days at scale. Here's why container isolation fails and why hardware-enforced workload isolation must become the default.
Anthropic's Claude Mythos Launch Is Built on Misinformation
A primary-source investigation for developers and security researchers who want the real story about what the Data says about Mythos