AI Security
-
Squidbleed:Claude Mythos 挖出潜伏 29 年的 Squid 漏洞
Security firm Calif.io pointed Claude Mythos Preview, running multi-agent analysis, at Squid proxy’s FTP parsing code. The model flagged a heap over-read almost immediately. The bug dates to a January 1997 commit — older than Squid’s own GitHub history. Human code review missed it for 29 years. It’s now CVE-2026-47729, aka Squidbleed. One line of… Continue reading
-
Astra Autonomous Pentest Sends AI-Found Fixes Straight Into Your IDE
Penetration testing has always been slow, manual, and expensive. Astra’s new Autonomous Pentest turns it into a pipeline of AI agents, built on insights from more than 5,000 real-world pentests, that own the full cycle — from finding a bug to handing a developer the fix. ## How Astra Autonomous Pentest works Discovery agents hunt… Continue reading
-
Google: First AI-Generated Zero-Day Exploit Caught in the Wild
The “AI will write malware someday” debate is over. On May 11, Google’s Threat Intelligence Group confirmed the first documented case of criminals using an LLM to find AND weaponize a working zero-day — a 2FA bypass in a widely-used open-source web admin platform. Not a research demo. A live attack, aimed at mass exploitation.… Continue reading
