Schneier on Security RSS3d ago

How Dangerous Is Anthropic’s Mythos AI?

Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not... https://www.schneier.com/blog/archives/2026/05/how-dangerous-is-anthropics-mythos-ai.html

#vulnerabilities #Uncategorized #regulation #patching #hacking #laws #LLM #AI

How Dangerous Is Anthropic's Mythos AI? - Schneier on Security

Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not release it to the general public. Instead, it would only be available to a select group of companies to scan and fix their own software. The announcement requires context—but it contained an essential truth. While Anthropic’s model is really good at finding software vulnerabilities, so are other models. The UK’s AI Security Institute found that OpenAI’s GPT-5.5, already generally available, is comparable in capability. The company Aisle ...

Schneier on Security
Schneier on Security RSS5d ago

Copy.Fail Linux Vulnerability

This is the worst Linux vulnerability in years.
TL;DR

copy.fail is a Linux kernel local privilege escala... https://www.schneier.com/blog/archives/2026/05/copy-fail-linux-vulnerability.html

#vulnerabilities #Uncategorized #patching #Linux

Copy.Fail Linux Vulnerability - Schneier on Security

This is the worst Linux vulnerability in years. TL;DR copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC. It abuses the kernel crypto API (AF_ALG sockets) plus splice() to write four bytes at a time straight into the page cache of a file the attacker does not own. The exploit works unmodified across Ubuntu, RHEL, Debian, SUSE, Amazon Linux, Fedora and most others. No race condition, no per-distro offsets. The file on disk is never modified. AIDE, Tripwire and checksum-based monitoring see nothing. ...

Schneier on Security
Analyst2075d ago

OpenAI Unveils Daybreak to Automate Vulnerability Detection and Patching

Meet Daybreak, a game-changing cybersecurity tool from OpenAI that supercharges vulnerability detection and patching with cutting-edge AI, helping organizations stay one step ahead of attackers and making the world a safer place. By combining AI intelligence with advanced code analysis, Daybreak…

https://osintsights.com/openai-unveils-daybreak-to-automate-vulnerability-detection-and-patching?utm_source=mastodon&utm_medium=social

#VulnerabilityDetection #Patching #ArtificialIntelligence #Cybersecurity #AutomatedThreatResponse

OpenAI Unveils Daybreak to Automate Vulnerability Detection and Patching

Discover Daybreak, OpenAI's AI-powered tool that automates vulnerability detection and patching, and learn how to request access to protect your organization - read now and stay secure.

OSINTSights
Hacker NewsMay 8

Non-determinism is an issue with patching CVEs

https://flox.dev/blog/achieving-rapid-cve-remediation-in-an-era-of-escalating-vulnerabilities/

#HackerNews #Non-determinism #CVEs #patching #vulnerabilities #security #software #development

Flox | Achieving CVE Remediation in an Era of Escalating Vulnerabilities

AI is accelerating the rate of CVE discovery. Learn how Flox and Nix transform package vulnerability triage from repeated artifact scans into quick, queryable dependency-graph analysis.

Flox
CVEDatabase.comMay 7
Security Tip: Can't patch a production system immediately? Consider virtual patching. 🛡️ By deploying WAF rules, IPS signatures, or runtime protection, you can mitigate specific CVE exploits at the network or host level. This buys your team the time needed to test and deploy official vendor patches without leaving the door wide open. Research the latest vulnerabilities and mitigation strategies at https://cvedatabase.com #InfoSec #CyberSecurity #CVE #Patching
CVEDatabase.com - Search & Analyze CVE Vulnerabilities

Search and analyze CVE vulnerabilities with instant access to CVSS scores, affected products, and AI-powered remediation guidance.

CVEDatabase.com
CVEDatabase.comMay 4

Security Tip: The race to patch a critical CVE shouldn't lead to a production outage. 🛡️

Establish a tiered patch management strategy:
1. Monitor: Track new CVEs via https://cvedatabase.com
2. Stage: Deploy patches to a mirror environment first.
3. Verify: Run automated tests to ensure no regressions.
4. Deploy: Roll out to production once validated.

A broken system is just as unavailable as one under attack. #InfoSec #CyberSecurity #CVE #Patching

CVEDatabase.com - Search & Analyze CVE Vulnerabilities

Search and analyze CVE vulnerabilities with instant access to CVSS scores, affected products, and AI-powered remediation guidance.

CVEDatabase.com
Hacker NewsApr 28

Patch applies fake diffs from commit messages

https://samizdat.dev/phantom-patch/

#HackerNews #patching #diffs #commitmessages #softwaredevelopment #cybersecurity

Phantom Patch

I share what I know.

Phantom Patch
Schneier on Security RSSApr 28

What Anthropic’s Mythos Means for the Future of Cybersecurity

Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without exp... https://www.schneier.com/blog/archives/2026/04/what-anthropics-mythos-means-for-the-future-of-cybersecurity.html

#vulnerabilities #Uncategorized #cybersecurity #patching #LLM #AI

What Anthropic’s Mythos Means for the Future of Cybersecurity - Schneier on Security

Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key software like operating systems and internet infrastructure that thousands of software developers working on those systems failed to find. This capability will have major security implications, compromising the devices and services we use every day. As a result, Anthropic is not releasing the model to the general public, but instead to a ...

Schneier on Security
Schneier on Security [Unofficial]Apr 28

What Anthropic’s Mythos Means for the Future of Cybersecurity

https://web.brid.gy/r/https://www.schneier.com/blog/archives/2026/04/what-anthropics-mythos-means-for-the-future-of-cybersecurity.html

What Anthropic’s Mythos Means for the Future of Cybersecurity - Schneier on Security

Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key software like operating systems and internet infrastructure that thousands of software developers working on those systems failed to find. This capability will have major security implications, compromising the devices and services we use every day. As a result, Anthropic is not releasing the model to the general public, but instead to a ...

Schneier on Security
ml4denApr 24

State-sponsored threats and AI-powered attacks dominated this week’s headlines, while critical vulnerabilities left systems across the globe exposed.

#cybersecurity #patching #AI #threatintel #databreach

https://cybernewsweekly.substack.com/p/cybersecurity-news-review-week-17-06f

Cybersecurity News Review - Week 17 (2026)

State-sponsored threats and AI-powered attacks dominated this week’s headlines, while critical vulnerabilities left systems across the globe exposed.

Cybersecurity News Weekly