… The directive comes as private companies and governments have been scrambling to assess the extent of the cybersecurity reckoning that AI vulnerability and exploit development capabilities could unleash. “Prioritizing IT and security operations attention on the most at-risk assets is particularly i… …
… Security experts also say that the moment presents an opportunity to address shortcomings in how software is currently developed. “For decades, we have built an enormous global industry to defend, detect, and respond to ‘vulnerabilities’—flaws and defects in software—that should never have existed … …
… In other words, they're architecting digital solutions for different classes of vulnerabilities that eliminate them or make them significantly less exploitable in practice. “You can’t patch your way out of this,” says longtime security engineer and researcher Niels Provos. “You need to build infras…
… Done not carefully, this could be a meaningfully accelerant for attackers.” Project Glasswing partners, including some of Anthropic's competitors, struck a collaborative tone in statements as part of the launch. “Google is pleased to see this cross-industry cybersecurity initiative coming together,… …
… Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos AI Tool Anthropic’s Mythos Preview AI model has been touted as a dangerously capable tool for finding security vulnerabilities in software and networks, so powerful that its creator has carefully restricted its release. …
… Independent security researcher Johnny Franks tells WIRED that he found yet another new, active domain—a fake website written in English, capable of infecting US-based users—that was part of a DarkSword hacking campaign as late as Thursday of last week, a finding confirmed by mobile security firm i… …
… Meanwhile, the United States Cybersecurity and Infrastructure Security Agency issued a new directive to federal agencies this week in reaction to new AI threats that includes a requirement to fix the most urgent software vulnerabilities in as little as three days. …
… The agency’s remit, after all, includes some elements of helping the US government discover and patch security vulnerabilities in the software it uses, as well as sometimes exploiting those vulnerabilities in the NSA’s own operations. …
Both Anthropic and OpenAI have announced new AI models in recent weeks that the companies say have advanced cybersecurity capabilities that could represent a turning point in how defenders—and, crucially, attackers—find vulnerabilities and misconfigurations in software systems. …
… The response was filed in a federal court in San Francisco, one of two venues where Anthropic is challenging the Pentagon’s decision to sanction the company with a label that can bar companies from defense contracts over concerns about potential security vulnerabilities. …