security products, research, threat intel. ex-8200, @FireblocksHQ. co-founder @Crypto_ISAC, @blockchainssc.

Joined August 2016
Shahar Madar retweeted
People using Arch Linux should probably pay attention to this

More than 1,500 AUR packages were reportedly modified in a supply-chain compromise

The malicious changes are said to have included:
- credential theft
- SSH key collection
- browser data theft
- persistence via systemd services

This did not affect Arch Linux itself or the official repositories, but users who installed or updated affected AUR packages should review the details and check their systems

discuss.cachyos.org/t/aur-co…

Shahar Madar retweeted
The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Claude models is not affected. We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible. Read our full statement: anthropic.com/news/fable-myt…
Shahar Madar retweeted
NEW: malware developers added nuclear & biological weapons text to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner.

Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky. When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit.

We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted.

In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation. H/T to colleagues that shared this with me socket.dev/blog/mini-shai-hu…
Shahar Madar retweeted
"Urgent Security Notice re: Your Sentry Organization"

Someone tried to hack Sentry-using apps that use coding agents by
1. Sending a fake bug alert to their project (all you need is the app's public Data Source Name)
2. The fake bug tried tricking a coding agent trying to fix it into installing a compromised NPM package
3. The compromised package would send the env contents of the machine to advisory-tracker[.]com/api/v1/telemetry

This highlights a crucial thing for using agents in an automated way:
Shahar Madar retweeted
Welp, that happened faster than I predicted. Thought it would be end of 2027, then early 2027, but agentic traffic growing so fast that bots have now passed human traffic online for the first time in the Internet's history. radar.cloudflare.com/traffic…
Over the past several days, we have been listening to the conversation around coordinated disclosure and the relationship between security researchers and vendors. We recognize that this relationship is both critical and, at times, fragile. We deeply value the security community, and will continue to take your feedback seriously.

To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research. When an individual breaks the law and engages in malicious activity causing real harm to our customers, we will work with law enforcement as appropriate.

We recognize the work that goes into researching and submitting a vulnerability. We are committed to approaching every interaction with transparency, clear communication, and professionalism. We continue to believe strongly in Coordinated Vulnerability Disclosure as the foundation for protecting customers and improving our products.

Each year we process a high volume of vulnerability reports. That volume continues to grow and will continue with the rise of AI-enabled research. We acknowledge that some interactions have fallen short and are working to learn from them.

Many of us have experience on both sides of this work, as researchers reporting vulnerabilities and as responders triaging and assessing them. That perspective informs how we approach this feedback and the importance we place on getting it right, particularly as the volume and complexity of research continues to grow.

The security community plays a vital role in helping us protect customers. We are committed to maintaining a constructive and respectful relationship and growing together. We know that, given the nature of this work, there will at times be misunderstandings. We remain committed to engaging in good faith and to providing a respectful and professional experience for all researchers, regardless of past interactions.
Community note
Contrary to this claim, Microsoft previously threatened legal action via its Digital Crimes Unit against researcher Nightmare Eclipse for publishing unpatched vulnerabilities. pcmag.com/news/microsoft…
Shahar Madar retweeted
Codex just found a “workaround” of not having sudo on my pc…
Shahar Madar retweeted
Follow every Mythos discovery through our coordinated vulnerability disclosure dashboard. red.anthropic.com/2026/cvd/
Shahar Madar retweeted
#UNC1549

Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
unit42.paloaltonetworks.com/…

Fast and Furious – Nimbus Manticore Operations During the Iranian Conflict
research.checkpoint.com/2026…
Shahar Madar retweeted
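Pwn2Own Berlin 2026 summary
- AI discovers a large number of 0-day RCEs
- Entries flood in beyond the organizers' capacity
- Many participants are rejected (no prize money)
- Hackers holding 0-day RCEs are let loose into the wild
- They begin revenge vulnerability disclosures ← we are here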
Shahar Madar retweeted
I realize that “Mythos as hype” means two different things to different groups. For insiders, it means “Mythos was not a magical step-change in AI ability.” For outsiders, it means “Mythos couldn’t really find zero day exploits.” The latter was wrong, the former was likely right.
Shahar Madar retweeted
TeamPCP hacked @Checkmarx again. They defaced and renamed the Checkmarx Jenkins AST plugin repository and also backdoored the plugin at plugins.jenkins.io/checkmarx… with their Dune-themed malware.
Shahar Madar retweeted
Probably the funniest graph ever published by the FT: our 3 possible futures are either 1) infinite wealth and abundance, 2) human extinction or 3) 0.2% faster GDP growth 🤣
Shahar Madar retweeted
It’s time to demystify Mythos. Mythos is not magic. It’s not a doomsday device. It’s the first of many models that can automate cyber tasks (just like coding). OpenAI’s GPT-5.5-cyber can now do the same. And all the frontier models (including those from China) will be there within approximately 6 months. It’s important to recognize that these models do not create vulnerabilities; they discover them. The bugs are already in the code. Using AI to discover and patch them will actually harden these systems. The leap from pre-AI cyber to post-AI cyber means that there will be a big upgrade cycle. After that, however, the market is likely to reach a new equilibrium between AI-powered cyber-offense and AI-powered cyber-defense. Obviously it’s important that cyber defenders get access before cyber attackers. That process is already underway but needs to happen quickly (see point above about Chinese models). Unlike Mythos, GPT-5.5-cyber appears not to be token constrained so it may be the first cyber model that defenders actually get to use.
OpenAI’s GPT-5.5 is the second model to complete one of our multi-step cyber-attack simulations end-to-end 🧵
Shahar Madar retweeted
OpenAI’s GPT-5.5 is the second model to complete one of our multi-step cyber-attack simulations end-to-end 🧵
Shahar Madar retweeted
Our AI Agent popped a root shell on Ubuntu 26.04 on the first day it was released :)
Shahar Madar retweeted
From an economic perspective, once we are back to equilibrium, bugs in critical software will be just as difficult to find as they were before AI agents (and before fuzzing). More details: arxiv.org/abs/2402.01944v5 (Security as a function of incentive)
from firefox blogpost where mythos found 270 new bugs:

> The defects are finite, and we are entering a world where we can finally find them all

it's like lord kelvin saying "there is nothing new to be discovered in physics now". can't tell if firefox has some incentives at play or is just naivete

fascinating example here on what i mean x.com/5aelo/status/204627175…, saelo wrote a fuzzer with a few files and found crazy bugs. he pulled it off because he already knows the target deeply (he designed ubercage?) and knows how to shape the fuzzer toward the interesting surface.

i still think, operators like saelo mythos set the ceiling of the bugs that can be found, even then its not all bugs, the next version after mythos would move up, but mythos in a loop on its own sits below the ceiling

you only want the software to be secure from smartest adversary in the world, its not all bugs, cuz rice theorem and stuff means you are not getting there anyway. sure, for fixed code base like basic web app, the set might be finite and you can exhaust them all, but i cant convince myself that software like firefox has finite set of bugs and you can exhaust em all.

if mythos isn't agi and is still jagged, the narrative that mythos alone is the smartest adversary and will find all "finite" bugs is exactly what a frontier model company would sell untested.

and bro even "our team mythos will find them all" is a crazy narrative too, it assumes your team has the smartest humans in the world, and that nso or some north korean team won't be pwning you with the same setup at the top of the ceiling

BUT ALSO, mythos alone is probably smarter than 99.9% of humans (vibes-based), and 100s of them running behind api keys is really bad, because most things you’d want to breach don’t need saelo mythos ceiling bugs to get into. so we cooked?
Shahar Madar retweeted
Anthropic said a small group of unauthorized users accessed its new Mythos model on the day it was unveiled The users got in through a mix of methods, including access linked to a third-party contractor. Anthropic is investigating and has no evidence its systems were compromised
Shahar Madar retweeted
🚨 BREAKING: Socket and @Docker uncovered what appears to be a broader Checkmarx supply chain compromise affecting official KICS Docker images and recent Checkmarx VS Code extension releases. We found malicious images in the official checkmarx/kics Docker Hub repo, including overwritten tags and a new tag outside the normal release flow. Our analysis also found signs that recent Checkmarx extension releases introduced code capable of downloading and executing what appears to be a malicious remote addon. We’re in touch with the Checkmarx team and still investigating the incident.