Recently, the company Anthropic announced that within just one month of launching their Project Glasswing, they have collaborated with approximately 50 partners to successfully identify over 10,000 high and critical security vulnerabilities. This achievement has greatly impressed the entire tech community, demonstrating the significant potential of AI in the field of cybersecurity.

According to feedback from partners, the Claude Mythos Preview model developed by Anthropic has shown remarkable improvement in its ability to detect vulnerabilities. Some teams have even seen a tenfold increase in the speed of vulnerability discovery, meaning tasks that once took days can now be completed in just a few hours. The bottleneck in vulnerability mining has now shifted from "discovering vulnerabilities" to "validating, disclosing, and fixing them," presenting new challenges for security teams.

For example, Cloudflare discovered 2000 vulnerabilities in its critical systems, 400 of which were rated as high or critical. Compared to traditional manual testing, the false positive rate of the Claude model has significantly decreased, showing higher accuracy. Meanwhile, Mozilla fixed 271 vulnerabilities in the latest version of its Firefox browser, a number ten times greater than that of the previous version, highlighting the value of AI in improving the efficiency of repairs.

In independent evaluations, the Mythos Preview model also performed well. The UK AI Safety Institute called it the first model to successfully breach two cyber ranges (network defense training environments), while the XBOW platform also noted that it outperformed existing models in web exploitation, with extremely high accuracy.

Additionally, over the past few months, Anthropic has conducted a large-scale scan of open-source software, identifying 23,019 vulnerabilities, including medium- and low-risk ones. After manual verification, 1,587 of these were confirmed as real high or critical vulnerabilities, a true-positive rate of 90.6%. Even if no new vulnerabilities are discovered, an estimated nearly 3,900 high or critical vulnerabilities will ultimately still need to be addressed.

However, the process of patching vulnerabilities is not simple. Anthropic pointed out that it takes an average of two weeks to release a patch after discovering a high-risk vulnerability. Some open-source maintainers have even stated that due to the inability to handle the volume of AI-generated vulnerability reports, they need to slow down the disclosure pace. Such situations mean that the workload for security teams will become even heavier in the future.

Key Points:

🔍 Over 10,000 high-risk vulnerabilities were discovered by Anthropic's AI model, with a significant improvement in speed!

⚙️ Compared with traditional vulnerability detection, the AI model produces fewer false positives, and AI has helped improve repair efficiency.

⏳ The process of vulnerability repair is under pressure, and open-source maintainers are requesting to slow down the disclosure pace.