AI Security
-
Mozilla says AI-assisted Mythos found 271 Firefox vulnerabilities with few false positives
Mozilla said its Mythos AI-assisted security research found 271 Firefox vulnerabilities, including 180 rated sec-high. The company faced skepticism over false positives and the lack of individual CVEs.
-
European regulators largely excluded from early access to Anthropic’s Mythos model
European regulators have largely been excluded from early access to Anthropic’s Mythos cybersecurity model, while a small group of mostly U.S. tech companies and the UK AI Security Institute have been allowed to test it.
-
Anthropic launches Project Glasswing to use Claude Mythos for vulnerability hunting
Anthropic launched Project Glasswing to use its Claude Mythos preview model for vulnerability hunting, saying the system found thousands of flaws and can also be powerful enough to aid exploitation.
-
Grafana AI flaw could expose enterprise data in zero-click attack
Researchers say a critical Grafana flaw could let attackers use AI-powered dashboards to exfiltrate sensitive data without authentication. Grafana reportedly validated the issue and released a fix after disclosure by Noma Security.
-
Anthropic employee error exposed Claude Code source code through npm package
Anthropic said an employee exposed Claude Code source code by including a source map in an npm package. The company called it a packaging error, while experts said such files can reveal logic, prompts and secrets.
-
Palo Alto Networks in talks to buy Israeli cybersecurity startup Koi for about $400 million
Palo Alto Networks is reported to be in talks to buy Israeli startup Koi for about $400 million. Koi, founded in 2024 and backed with $48 million, offers an AI-driven supply chain security platform that protects over 500,000 endpoints.
-
Amazon opens invite-only bug bounty for NOVA models to outside researchers
Amazon has launched an invite-only bug bounty program for its NOVA family of language models, allowing select researchers to test the models and be paid for findings on issues such as prompt injection, jailbreaking and other vulnerabilities. The company says the effort will help secure models integrated across Amazon and customer systems.
-
Google DeepMind unveils CodeMender to detect, patch and rewrite vulnerable code
DeepMind has unveiled CodeMender, an AI agent that detects, patches and rewrites vulnerable code using Gemini models and an LLM-based critique tool. Google says it has upstreamed 72 fixes and is expanding AI security measures, including an AI Vulnerability Reward Program and updates to its Secure AI Framework.
-
Researchers disclose three now-patched vulnerabilities in Google’s Gemini AI
Researchers disclosed three patched vulnerabilities in Google’s Gemini AI that could have exposed users to privacy risks. The flaws affected Cloud Assist, the Search Personalization model and the Browsing Tool, Tenable said. Google has applied mitigations.










