I wrote a post on creating "scalable research tooling for agent systems" and I'm also releasing the companion MCP server which lets you do autonomous Frida instrumentation on Android. Details in thread 👇📲🪝

Attended the first keynote at @vulncon 2026 Learned a ton from @FuzzySec MirrorCode (the insane AI agent that autonomously solved complex tasks for 65 hours), AI CTFs, and the shifting regulatory landscape: • India’s 7 Sutras on AI regulation • Europe’s over-regulation & its real impact on the AI job market Absolute banger session! Thanks @FuzzySec 🙌 (and yeah, I still hope you start farming someday 😂) #VulnCon2026 #AI #CyberSecurity

while FAANG engineers enjoy a varied cuisine and the office barista knows them and their preferred matcha latte by heart.. somewhere in a murky office an NSO employee is slaving away on the next whatsapp chain while feasting on instant noodles 🍜

While Mythos showed what frontier model might become, we asked a different question: With a dedicated security harness, can open-source LLMs approach Mythos-level vulnerability research on real targets? Meet deepsec, DARKNAVY's attempt to answer. darknavy.org/blog/deepsec_ch…

Fable 5 is the same underlying model as Mythos 5, but with cybersecurity and biology blocks. Mythos is the first model that's made me feel that we've entered the next phase of model progress. For years, we've talked about cybersecurity / self-improvement / autonomy / model-dominated coding / biology implications of model progress. Some of these are issues to defend against; some are areas to advance. Mythos has made me & our team feel like we've seen the earliest glimpse of the world we've been talking about. Also, we published a lot of cyber eval results in the system card, including some evals we designed recently, as well as details of safeguards. In most cases, Mythos 5 ~= Mythos Preview. We found it ticked up on the new ExploitBench eval, and we opted to put that in the eval table so people can calibrate/update on advances in cyber capabilities to be prepared for. (We don't want to compete on offensive capabilities and don't try to.) But overall, Mythos 5 is an efficient model, about equal to Mythos Preview in most cases. I'd really like more people to design new security evals! The better models get, the more our limited evals only see a small part of the picture. In terms of where we go from here, here are some current thoughts: 1/ It's important we get Mythos cyber capabilities to defenders. We just have to do it safely and cautiously. We're working on an expanded trusted access program. We're working with government and industry to do this. I sort of envision the next 1-2 years being a large scale effort to make the world resilient design & implement new approaches to security. 2/ I think cybersecurity will start merging with AI security and alignment. Let's say you're a defender and you want to use a model -- will it break out of its sandbox? Will it stop where you tell it to stop? This is one reason I'm excited about working on cybersecurity. In the limit, it's the same thing as AI security. 3/ I really want people to develop new evals for... defensive cybersecurity, hardware security, autonomously running a business, advanced biology, and other parts of national security. Our internal eval ship rate is way, way up because Mythos makes it easy to iterate, especially on the engineering aspect of building evals. (Sometimes, we ask new hires to make a new eval on their first day, and another on the next). I’m excited we’re making this available as Fable 5, because I think the world spending time with the model is the most important way to calibrate.

Discovery of N-day vulnerabilities are largely solved at scale by the Mythos and Opus models, for both proprietary and open-source software. It’s time to seriously rethink vulnerability disclosure and time-to-fix timelines. Cascading effects across the software supply chain are becoming a serious bottleneck.

Our internal data shows Claude is accelerating AI development—a possible path to recursive self-improvement, or AI autonomously building a more capable successor. It’s happening faster than we thought, and the implications deserve greater attention. anthropic.com/institute/recu…

Everyone except me ? We are in fact still in court over this.

[#POC2026 NOTICE] Your offensive conference is BACK again in its shape! and POC2026 begins in a new home. ⏰ Date: November 12–13 📍 New Venue: The Westin Seoul Parnas, Korea 🇰🇷 👨‍🏫 CFT: June 1 – June 26 🎙️ CFP: June 1 – September 30 🎟️ Registration: September 1 – October 31 More info 👉 powerofcommunity.net

That’s a wrap on @typhooncon in Seoul 🇰🇷 🌸! Happy first-time sponsors, grateful to be part of it, and congrats to @LabsSsd, @aviramj & @nrathaus, the speakers, trainers, and everyone who joined. Safe travels home! ✈️ 👋🏼 #TyphoonCon26

Find some of our crew around at @typhooncon 🌪️🇰🇷 Enjoy the event and feel free to engage with us 😄 #TyphoonCon26

the real winners of DEFCON quals

1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.

Attacking Instant Messaging Applications in the LLM Era by @nitayart 📅 Oct 12-15 📍 Espace Vinci or Espace Cléry, Paris 2nd 👉 hexacon.fr/trainer/attacking…

Honored to have sponsored @offensive_con and support a community that continuously brings together incredible talent and people. Congrats to @Binary_Gecko, speakers, trainers, fellow sponsors, and attendees who made this edition special. Safe travels home 🫶🏻 #OffensiveCon26 🇩🇪