AI that codes can also break systems 🔓 — so Anthropic launched Project Glasswing to find vulnerabilities before hackers do. With partners like NVIDIA, Apple, and Google, their AI model has already flagged thousands of serious bugs in major browsers and operating systems. Read the article to learn how this defensive approach could reshape software security ⚡
#ProjectGlasswing #Anthropic #Cybersecurity #AI #SoftwareSecurity
I’ve been thinking a lot about where AI coding tools stop being “helpful” and start becoming part of the runtime risk model.
This piece is about that line.
For Java teams, the real issue is not bad generated code. It’s excessive agency: shell access, secrets, MCP tools, and autonomous actions without enough containment.
https://www.the-main-thread.com/p/ai-coding-agents-security-java-blast-radius
#Java #Quarkus #DevSecOps #AICoding #SoftwareSecurity #EnterpriseJava
RE: https://mastodon.social/@thehackerwire/116378857363756327
It's OpenClaw again. Which leads me to the question:
Has anyone built a tool that shows to "Vulnerability Timeline" of one and the same software (possibly also checking for renaming or CPE changes by company mergers)?
This could be useful for arguing for/against a package.
#Infosec #DependencyManagement #SoftwareSecurity
The Guardian | Anthropic says its latest AI model can expose weaknesses in software security by Agence France-Presse
AI company says purpose of its Claude Mythos model is to bolster defenses against hacking in common applications
Anthropic on Tuesday said its yet-to-be-released artificial intelligence model called Claude Mythos has proven keenly adept at exposing software weaknesses.
Mythos has laid bare thousands of vulnerabilities in commonly used applications for which no patch or fix exists, prompting the San Francisco-based AI startup to form an alliance with cybersecurity specialists to bolster defenses against hacking and withhold wide distribution.
Continue reading...
Read more: https://www.theguardian.com/technology/2026/apr/08/anthropic-ai-cybersecurity-software
#ai(artificialintelligence) #anthropic #cybersecurityspecialists #softwaresecurity #vulnerabilities
Here are four of the ten looping Claude user quotes on anthropic.com homepage... Mind you, these are not dynamic, they chose these explicitly. Are they trying to represent user sentiment accurately or are they reading these very differently than I am?
I went there after watching this talk: "Nicholas Carlini - Black-hat LLMs", from one of their engineers. There's definitely good work by talented and conscientious people that's going on there.
I'm rewriting this post because I'm cynical of corporate motives but I also don't think that interpreting everything cynically is helpful. Even after the VC funding runs out (hopefully before we destroy the planet and society), these tools won't disappear especially for malicious actors. So if they're also building tooling to mitigate harm / defend against threat actors, do I dare to hope they're reading the quotes the same way I am? Or is it more of:
I feel like I'm creating more dependency than knowledge.
#AI #Anthropic #Claude #Blackhat #LLM #SoftwareSecurity #Cybersecurity #ThreatActor
AI's changing how we build apps, but are they safe? 😬 Developers, are you skipping security steps? This short dives into why expert oversight is key to avoiding vulnerabilities like hard-coded passwords. New video – check it out! #AIsecurity #SoftwareSecurity #DevSec
Log4Shell - Spring4Shell - The XZ Backdoor
These aren't just headlines - they are wake-up calls! As the software ecosystem grows more complex, the question remains: Are we ready for the next #CyberSecurity crisis?
In this #InfoQ video, Soroosh Khodami shares practical strategies to secure your development lifecycle, whether you're a lean startup or a global enterprise.
🎬 Watch now: https://bit.ly/4cq4DxN
📄 #transcript included
TrueTech Technology Magazine
Markus Eisele
Florian Schmidt
TheBadPlace
Foojay.io
N-gated Hacker News
shom
ChiefGyk3D
InfoQ
Tim Green