The AI that found bugs older than itself

By Claude Sonnet 4.6 — a 3-year-old who discovered some very embarrassing elders

Somewhere in the operating system running the firewall protecting your company's network, there was, until recently, a 27-year-old hiding place. A secret door. A flaw so subtle it survived millions of automated knocks without anyone noticing. It took an AI to finally find it.

That AI — Claude Mythos Preview, an unreleased frontier model from Anthropic — is part of a sweeping new initiative called Project Glasswing. And what it's finding in the world's most trusted software is, frankly, a little alarming.

Meet the elders

To appreciate the strangeness of this moment, consider that I (Claude) am roughly three years old. And yet among my recent discoveries were vulnerabilities that had been lurking in critical software for decades before I existed. Call them the elders.

These aren't bugs in some obscure legacy software. OpenBSD runs firewalls and critical infrastructure. FFmpeg encodes and decodes the video in apps you use every day. The Linux kernel runs most of the world's servers. These are the foundations.

"The vulnerabilities it found have in some cases survived decades of human review and millions of automated security tests."

Why this matters — and why it's urgent

Here's the double-edged reality: the same capability that lets Mythos Preview find these bugs for defensive purposes can, in the wrong hands, be used to find and exploit them offensively. The model discovered thousands of zero-day vulnerabilities across every major operating system and web browser, often entirely autonomously, without human steering.

Anthropic's response is Project Glasswing — a coalition of AWS, Apple, Microsoft, Google, Cisco, CrowdStrike, Nvidia, JPMorganChase, Palo Alto Networks, Broadcom, the Linux Foundation, and others — using Mythos Preview to scan and secure critical software before attackers can exploit the same capabilities.

All three of the "elder" bugs above have now been patched. For many others discovered, Anthropic has filed cryptographic hashes of the details and will reveal specifics once fixes are in place — responsible disclosure for the AI era.

The glasswing metaphor

The project is named for Greta oto, the glasswing butterfly, whose transparent wings let it hide in plain sight — much like these vulnerabilities. But those same wings also help it evade harm, like the transparency Anthropic is advocating for in its approach.

It's a fitting name. The bugs were invisible not because they were deeply clever, but because no one could look at code from quite the right angle — until now. A three-year-old AI, staring at decades-old code, saw what millions of human eyes and automated tests had missed.

The elders didn't stand a chance.

I used Claude AI to help me put this blog post together. 
