惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

P
Privacy International News Feed
I
Intezer
T
Tenable Blog
S
Schneier on Security
Project Zero
Project Zero
G
GRAHAM CLULEY
酷 壳 – CoolShell
酷 壳 – CoolShell
小众软件
小众软件
Know Your Adversary
Know Your Adversary
博客园 - 司徒正美
The Cloudflare Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
N
News and Events Feed by Topic
博客园 - 叶小钗
宝玉的分享
宝玉的分享
L
LINUX DO - 热门话题
aimingoo的专栏
aimingoo的专栏
S
Secure Thoughts
Forbes - Security
Forbes - Security
T
The Exploit Database - CXSecurity.com
D
Darknet – Hacking Tools, Hacker News & Cyber Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 【当耐特】
罗磊的独立博客
IT之家
IT之家
H
Hacker News: Front Page
I
InfoQ
云风的 BLOG
云风的 BLOG
S
Security Affairs
M
MIT News - Artificial intelligence
GbyAI
GbyAI
Jina AI
Jina AI
Help Net Security
Help Net Security
Engineering at Meta
Engineering at Meta
大猫的无限游戏
大猫的无限游戏
Webroot Blog
Webroot Blog
L
Lohrmann on Cybersecurity
A
About on SuperTechFans
Attack and Defense Labs
Attack and Defense Labs
The Register - Security
The Register - Security
V
V2EX
G
Google Developers Blog
D
DataBreaches.Net
Apple Machine Learning Research
Apple Machine Learning Research
C
Cybersecurity and Infrastructure Security Agency CISA
J
Java Code Geeks
W
WeLiveSecurity
Cloudbric
Cloudbric
T
Tor Project blog

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
The First CVE Wave: Signs That AI-Assisted Vulnerability Discovery Is Reshaping Disclosure Volumes | Blog | VulnCheck
speckx · 2026-05-19 · via Hacker News - Newest: "AI"

Key Takeaways:

  • CVE disclosure volumes are up sharply year-to-date (YTD) across several software suppliers, including Chrome (+563.2%), VMware (+180.9%), Apache (+170.3%), Mozilla (+156.9%), HPE (+132.3%), and F5 (+113.8%).
  • GitHub CVE issuance is also up significantly YTD (+476.07%), with GitHub indicating the increase is spread across many reporters and projects rather than concentrated in one source.
  • The increases are consistent with broader use of AI-assisted vulnerability discovery, though the signal is still emerging and not all increases can be directly attributed to AI.
  • Public examples from Mozilla, Microsoft, Apache, Curl, and Palo Alto show AI models being used to find, validate, or triage vulnerabilities, with mixed results depending on the project.
  • What is less clear is whether these volumes will be sustained, or whether this is a temporary surge as frontier AI models are applied across different code bases.
  • Defenders should prepare for higher vulnerability volumes while continuing to use threat intelligence to prioritize emerging threats that are being actively exploited or likely to be.

Since the start of this year, I've been watching for evidence of AI-assisted vulnerability discovery in publicly disclosed CVE volumes. The early signals were noisy. Our "report a vulnerability" service saw a flood of submissions that, frankly, started as slop. But over the past few months, the quality of incoming submissions has noticeably improved, and the underlying volume hasn't subsided.

Then on April 7, 2026, Anthropic announced Project Glasswing and Claude Mythos Preview, and the conversation shifted hard. Anthropic claimed Mythos had already identified thousands of zero-day vulnerabilities across every major operating system and web browser. Rather than releasing the model publicly, they funneled access to a coalition of partners, including AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, plus several other organizations.

The cybersecurity industry's response was a mix of awe, fear, uncertainty, and doubt, which prompted two questions: At what scale is AI-assisted vulnerability discovery real? And at what scale would we see it in the public disclosure of vulnerabilities? Which led me to building a list tracking Anthropic attributed CVEs We are now two Patch Tuesdays past the Glasswing announcement, and the signals are starting to emerge.

To put the results in perspective, I started by looking at the top 20 CVE Numbering Authorities and their CVE issuance volume over the past five years and found clear indications across several projects of the likely impact AI-assisted vulnerability discovery is having on public disclosures of vulnerabilities.

Digging in a bit deeper, I decided to look at the top Software Suppliers and their year-over-year growth to better understand what significant changes might be happening. From the chart above we can see some notable increases across Chrome (+563.2%), Mozilla (+156.9%), VMware (+180.9%), Apache (+170.3%), HPE (+132.3%), F5 (+113.8%), among several others. In addition to these, GitHub's 476.07% increase highlights accelerated vulnerability disclosure across a high volume of open source projects.

The evidence appears to point to emerging AI models that have enabled software suppliers and security researchers to discover and remediate vulnerabilities that would have likely gone overlooked otherwise.

Digging Into Noteworthy Software Suppliers and Open Source Projects

To provide some visibility into the emerging trend of AI-assisted vulnerability discovery, we took a deeper look at several of the software suppliers and open source projects.

During the same window in which our submission queue was experiencing its AI-driven surge, GitHub was seeing its own surge in vulnerability reports. Both the volume of findings and the corresponding increase in CVE issuance have been confirmed as real by the GitHub team. "No single reporter accounts for more than ~3% of volume, and no single project accounts for more than ~7%. This isn't one person or one tool, it's a systemic shift in how vulnerability reporting is happening across the ecosystem." - Madison Oliver Ficorilli. Something in the ecosystem has changed, and the most likely explanation is the greater availability of AI models that are effective at discovering vulnerabilities in open source software. It also highlights how open source software appears to serve as a testing ground for AI vulnerability discovery tools and an early indicator of what's to come.

References: https://www.linkedin.com/pulse/everyones-blaming-ai-bad-vulnerability-reports-data-oliver-ficorilli-kvoxc/?trackingId=miFeABHjId5tHsdVftUuaA%3D%3D

Mozilla has been one of the more vocal and transparent projects when it comes to AI-assisted vulnerability discovery, and is a participant in Project Glasswing. The Mozilla team stated, "Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser." They also highlighted their participation in Anthropic's Mythos preview: "As part of our continued collaboration with Anthropic, we had the opportunity to apply an early version of Claude Mythos Preview to Firefox."

References:

Chrome experienced a 563% increase in CVE disclosures, one of the most significant upticks we observed, and Google has confirmed its participation in Project Glasswing.

While we haven't seen concrete confirmation of what tools were used to drive the sudden increase, we suspect it's related to AI discovery tools, likely some combination of Mythos and Google's own AI models. The trend points toward AI-assisted discovery as the most likely driver.

Additionally, Google's Threat Intelligence Group recently published an article on adversaries leveraging AI for vulnerability exploitation, highlighting that the use of new tools isn't limited to the defender side.

References: https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access

Microsoft is a participant in Project Glasswing and has also announced the launch of its own AI discovery tool, clear evidence that AI is making an impact on CVE disclosures. As Microsoft noted, "The findings in this Patch Tuesday and the retrospective recall on five years of CLFS MSRC cases are evidence that AI vulnerability findings can scale."

This suggests we're likely just at the beginning of higher volumes of CVE disclosures across Microsoft products. It will be interesting to see how far Microsoft's CVE issuance scales over the coming months.

References: https://www.microsoft.com/en-us/security/blog/2026/05/12/defense-at-ai-speed-microsofts-new-multi-model-agentic-security-system-tops-leading-industry-benchmark/

Apache is a participant in Project Glasswing and is experiencing a 170%+ increase in CVEs published. As Anthropic stated, "we've donated $1.5M to the Apache Software Foundation to enable the maintainers of open-source software to respond to this changing landscape." We thought it would be worthwhile to provide some examples of security researchers using AI tools to assist in their discovery work. ActiveMQ CVE-2026-34197 was discovered by Naveen Sunkavally with the assistance of Claude and is now known to be exploited in the wild and recently landed on CISA KEV.

In his words: "These days I always use Claude to take a first pass at source code for vulnerability hunting. I prompt it lightly and set up a target on the network for it to validate findings. A lot of the time, Claude finds interesting stuff but it doesn't quite rise to the level of a CVE I'd bother reporting. In this case, it did a great job, with nothing more than a couple of basic prompts. This was 80% Claude with 20% gift-wrapping by a human." - Naveen Sunkavally.

References: https://horizon3.ai/attack-research/disclosures/cve-2026-34197-activemq-rce-jolokia/

While Curl didn't make our chart for CVE growth (we excluded lower-volume CVE software suppliers), it remains one of the most heavily audited and fuzzed code bases in existence.

Daniel Stenberg, who maintains Curl, offers a grounded perspective: of the five "confirmed" vulnerabilities Mythos initially reported, only one held up as a valid CVE after his security team's review, with the rest being false positives or non-security bugs. He also emphasizes that running multiple AI models over time continues to uncover different bugs and vulnerabilities, and notes that previous AI tools have already driven hundreds of bugfixes in curl. Daniel's blog is well worth the read.

References: https://daniel.haxx.se/blog/2026/05/11/mythos-finds-a-curl-vulnerability/

While Palo Alto didn't make the charts due to lower overall CVE issuance, they've seen a 37% increase in CVE issuance year to date and have been very vocal recently about their use of frontier models. "For over a month, we've been using the latest frontier AI models, including Anthropic's Mythos and Claude Opus 4.7 and OpenAI's GPT-5.5-Cyber as part of the Trusted Access for Cyber program. Our teams have worked tirelessly to learn how to fully leverage the immense power of these models, and to find and fix any vulnerabilities as quickly as possible." - Rich Campagna, SVP Palo Alto Networks.

References:

Vulnerability volumes are clearly trending up, with a short-term spike in public disclosures tied to AI-assisted discovery. What's less clear is whether these volumes will be sustained, or whether this is a temporary surge as better AI models are pointed at different code bases and new models continue to surface vulnerabilities. Most defenders are starting to see the initial impact of AI-assisted vulnerabilities in their backlogs and should plan for sustained volumes over time. That reinforces the importance of patching early and often, updating to the latest version when possible, and using threat intelligence to prioritize emerging threats that are being actively exploited or likely to be.

VulnCheck is helping organizations not just to solve the vulnerability prioritization challenge - we’re working to help equip any product manager, CSIRT/PSIRT or SecOps team and Threat Hunting team to get faster and more accurate with infinite efficiency using VulnCheck solutions.

We knew that we needed better data, faster across the board, in our industry. So that’s what we deliver to the market. We’re going to continue to deliver key insights on vulnerability management, exploitation and major trends we can extrapolate from our dataset to continuously support practitioners.

Are you interested in learning more? If so, VulnCheck's Exploit & Vulnerability Intelligence has broad threat actor coverage. Register and demo our data today.