惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

月光博客
月光博客
T
Tenable Blog
D
DataBreaches.Net
GbyAI
GbyAI
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
腾讯CDC
V
Visual Studio Blog
B
Blog
雷峰网
雷峰网
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
I
InfoQ
M
MIT News - Artificial intelligence
有赞技术团队
有赞技术团队
T
Tailwind CSS Blog
The Cloudflare Blog
L
LangChain Blog
MongoDB | Blog
MongoDB | Blog
Vercel News
Vercel News
Cloudbric
Cloudbric
L
Lohrmann on Cybersecurity
博客园 - 司徒正美
T
The Exploit Database - CXSecurity.com
Google DeepMind News
Google DeepMind News
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Attack and Defense Labs
Attack and Defense Labs
Martin Fowler
Martin Fowler
SecWiki News
SecWiki News
T
Threat Research - Cisco Blogs
J
Java Code Geeks
Cyberwarzone
Cyberwarzone
Forbes - Security
Forbes - Security
Spread Privacy
Spread Privacy
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
大猫的无限游戏
大猫的无限游戏
O
OpenAI News
D
Darknet – Hacking Tools, Hacker News & Cyber Security
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Schneier on Security
Schneier on Security
S
Security @ Cisco Blogs
酷 壳 – CoolShell
酷 壳 – CoolShell
The Hacker News
The Hacker News
H
Help Net Security
Y
Y Combinator Blog
C
Cybersecurity and Infrastructure Security Agency CISA
T
Tor Project blog
量子位
U
Unit 42
S
SegmentFault 最新的问题
V
V2EX
D
Docker

Hugging Face - Blog

Waypoint-1.5: Higher-Fidelity Interactive Worlds for Everyday GPUs ALTK‑Evolve: On‑the‑Job Learning for AI Agents Safetensors is Joining the PyTorch Foundation Holo3: Breaking the Computer Use Frontier Any Custom Frontend with Gradio's Backend A New Framework for Evaluating Voice Agents (EVA) Bringing Robotics AI to Embedded Platforms: Dataset Recording, VLA Fine‑Tuning, and On‑Device Optimizations One-Shot Any Web App with Gradio's gr.HTML CUGA on Hugging Face: Democratizing Configurable AI Agents New in llama.cpp: Model Management Building Deep Research: How we Achieved State of the Art OVHcloud on Hugging Face Inference Providers 🔥 20x Faster TRL Fine-tuning with RapidFire AI Building for an Open Future - our new partnership with Google Cloud Aligning to What? Rethinking Agent Generalization in MiniMax M2 Building a Healthcare Robot from Simulation to Deployment with NVIDIA Isaac Sentence Transformers is joining Hugging Face! Unlock the power of images with AI Sheets Supercharge your OCR Pipelines with Open Models Google Cloud C4 Brings a 70% TCO improvement on GPT OSS with Intel and Hugging Face Get your VLM running in 3 simple steps on Intel CPUs Nemotron-Personas-India: Synthesized Data for Sovereign AI Introducing RTEB: A New Standard for Retrieval Evaluation Accelerating Qwen3-8B Agent on Intel® Core™ Ultra with Depth-Pruned Draft Models VibeGame: Exploring Vibe Coding Games Nemotron-Personas-Japan: ソブリン AI のための合成データセット Swift Transformers Reaches 1.0 – and Looks to the Future Smol2Operator: Post-Training GUI Agents for Computer Use SyGra: The One-Stop Framework for Building Data for LLMs and SLMs Gaia2 and ARE: Empowering the community to study agents Scaleway on Hugging Face Inference Providers 🔥 Democratizing AI Safety with RiskRubric.ai Public AI on Hugging Face Inference Providers 🔥 `LeRobotDataset:v3.0`: Bringing large-scale datasets to `lerobot` Visible Watermarking with Gradio Introducing the Palmyra-mini family: Powerful, lightweight, and ready to reason! Tricks from OpenAI gpt-oss YOU 🫵 can use with transformers Fine-tune Any LLM from the Hugging Face Hub with Together AI Jupyter Agents: training LLMs to reason with notebooks mmBERT: ModernBERT goes Multilingual Welcome EmbeddingGemma, Google's new efficient embedding model SAIR: Accelerating Pharma R&D with AI-Powered Structural Intelligence Make your ZeroGPU Spaces go brrr with ahead-of-time compilation NVIDIA Releases 6 Million Multi-Lingual Reasoning Dataset Generate Images with Claude and Hugging Face From Zero to GPU: A Guide to Building and Scaling Production-Ready CUDA Kernels MCP for Research: How to Connect AI to Research Tools Kimina-Prover-RL Arm & ExecuTorch 0.7: Bringing Generative AI to the masses Neural Super Sampling is here! TextQuests: How Good are LLMs at Text-Based Video Games? 🇵🇭 FilBench - Can LLMs Understand and Generate Filipino? Introducing AI Sheets: a tool to work with datasets using open AI models! Accelerate ND-Parallel: A guide to Efficient Multi-GPU Training Vision Language Model Alignment in TRL ⚡️ Welcome GPT OSS, the new open-source model family from OpenAI! Measuring Open-Source Llama Nemotron Models on DeepResearch Bench 📚 3LM: A Benchmark for Arabic LLMs in STEM and Code Implementing MCP Servers in Python: An AI Shopping Assistant with Gradio Introducing Trackio: A Lightweight Experiment Tracking Library from Hugging Face Say hello to `hf`: a faster, friendlier Hugging Face CLI ✨ Parquet Content-Defined Chunking TimeScope: How Long Can Your Video Large Multimodal Model Go? Fast LoRA inference for Flux with Diffusers and PEFT Accelerate a World of LLMs on Hugging Face with NVIDIA NIM Arc Virtual Cell Challenge: A Primer Consilium: When Multiple LLMs Collaborate Back to The Future: Evaluating AI Agents on Predicting Future Events Five Big Improvements to Gradio MCP Servers Ettin Suite: SoTA Paired Encoders and Decoders Migrating the Hub from Git LFS to Xet Kimina-Prover: Applying Test-time RL Search on Large Formal Reasoning Models Asynchronous Robot Inference: Decoupling Action Prediction and Execution ScreenEnv: Deploy your full stack Desktop Agent Building the Hugging Face MCP Server Reachy Mini - The Open-Source Robot for Today's and Tomorrow's AI Builders Creating custom kernels for the AMD MI300 Upskill your LLMs With Gradio MCP Servers SmolLM3: smol, multilingual, long-context reasoner Three Mighty Alerts Supporting Hugging Face’s Production Infrastructure Efficient MultiModal Data Pipeline Announcing NeurIPS 2025 E2LM Competition: Early Training Evaluation of Language Models Training and Finetuning Sparse Embedding Models with Sentence Transformers Welcome the NVIDIA Llama Nemotron Nano VLM to Hugging Face Hub Gemma 3n fully available in the open-source ecosystem! Transformers backend integration in SGLang (LoRA) Fine-Tuning FLUX.1-dev on Consumer Hardware Groq on Hugging Face Inference Providers 🔥 How Long Prompts Block Other Requests - Optimizing LLM Performance Learn the Hugging Face Kernel Hub in 5 Minutes Convert Transformers to ONNX with Hugging Face Optimum Intel and Hugging Face Partner to Democratize Machine Learning Hardware Acceleration Director of Machine Learning Insights [Part 3: Finance Edition] The Annotated Diffusion Model Deep Q-Learning with Space Invaders Graphcore and Hugging Face Launch New Lineup of IPU-Ready Transformers Introducing Pull Requests and Discussions 🥳 Efficient Table Pre-training without Real Data: An Introduction to TAPEX An Introduction to Q-Learning Part 2/2 How Sempre Health is leveraging the Expert Acceleration Program to accelerate their ML roadmap
AI and the Future of Cybersecurity: Why Openness Matters
Margaret Mitchell · 2026-04-21 · via Hugging Face - Blog

Back to Articles

Huggy with a magnifying glass, against a backdrop with a gradient of black to white. Writing at the bottom in white says Cybersecurity and Openness

Following the announcement of Mythos and Project Glasswing, institutions throughout the world are grappling with the potential dawn of a new era of cybersecurity. In this post, we break down the current situation, discuss the role of openness, and situate the future of cybersecurity within the larger AI ecosystem.

What is Mythos?

Mythos is a “frontier AI model”, a large language model (LLM) that can be used to process software code (among many other things). This follows a general trend in LLM development, where LLM performance on code-related tasks has recently skyrocketed. What’s particularly significant about Mythos is the system it’s embedded within: It's the system, not the model alone, that has enabled Mythos to rapidly find and patch software vulnerabilities. Understanding this distinction is key to understanding the current landscape of AI cybersecurity.

What Mythos demonstrates is that the following system recipe is powerful:

  • substantial compute power
  • models trained on troves of software-relevant data
  • scaffolding built to handle software vulnerability probing and patching
  • speed (enabled by compute power and the capital behind it)
  • some degree of system autonomy

Together, these ingredients can uncover software vulnerabilities, find exploits, and build patches. It’s in this recipe — not in any one model — that both the benefits and the risks come in.

This matters because others can build comparable systems. Smaller models embedded in systems built with deep security expertise could potentially produce similar outcomes more cheaply, which is particularly promising for defense. AI cybersecurity capability is jagged: It doesn’t scale smoothly with model size or general benchmark performance. The system the model is embedded within matters a lot.

So what Mythos has demonstrated is that it’s possible to build an AI system that finds and addresses software vulnerabilities. We already knew this was possible and there has been increasing work on this, but we’re just beginning to explore what it means in the context of agentic AI: Systems that can rapidly and autonomously take action.

How Openness Can Be a Structural Advantage

As autonomous systems that identify software vulnerabilities proliferate (and they will), open code and tooling can help level the playing field. Software security has become a speed race across four stages: detection, verification, coordination, and patch propagation. Open ecosystems distribute these across a community, where more closed-source projects centralize knowledge and action across all four stages inside a single vendor, representing a single point of failure where only one organization can see and fix the code. The distributed nature of open development is robust to such constraints, and can be especially powerful in communities with dedicated security professionals, like the Linux kernel security team, the Open Source Security Foundation, and the team at Hugging Face working on model and supply-chain security.

A common argument for more closed systems is proprietary obscurity, where the code underlying a system is inaccessible. Unfortunately, this provides less protection than it used to. AI systems are increasingly able to assist with reverse engineering of stripped binaries, which matters because most legacy firmware and embedded code is closed, binary-only, and no longer maintained. That code represents a huge attack surface, and it’s becoming more legible and accessible as AI tools improve.

There’s also a risk created by how AI is being used inside closed codebases. When companies adopt AI coding tools under the wrong incentives (for instance, evaluating engineers by the volume of features shipped rather than code quality) AI-accelerated development can introduce more vulnerabilities into proprietary code than traditional development would. Those vulnerabilities then sit inside a closed codebase where only one organization can find and fix them, while AI-enabled attackers are increasingly capable of discovering them from the outside. The combination of more vulnerabilities produced more quickly, behind a single-organization firewall, is exactly the kind of imbalance that open ecosystems are positioned to avoid.

Underlying all of this is capability asymmetry between attackers and defenders. Open models and open tooling narrow that gap by giving defenders access to the same class of capabilities attackers can reach for — capabilities that would otherwise be concentrated within a small number of well-resourced entities.

Building Defenses with Open Tools and Semi-Autonomous Agents

Cybersecurity defense is where open source and AI agents can play a key role together. Based on the System Card, it appears that Mythos is capable of operating with close to full autonomy, something we’ve advised against due to the potential loss of control. AI agents that are instead semi-autonomous, where the types of actions they can take are prespecified and certain steps require human approval, hit a sweet spot of benefit and risk. In semi-autonomous systems, people remain in control, and the AI agent is responsible for specific subtasks. This is possible to do with open code that organizations can run privately within their own institutions, specifying allowable tools, skills, and system access privileges. With this setup, AI agents can be deployed defensively, finding vulnerabilities and assisting with patching under an organization’s own controls.

The semi-autonomous approach depends on humans being able to actually understand what an AI agent did and why. That’s much more possible when the system is built on open components, such as open agent scaffolding, open rule engines, and auditable decision logs and traces, than when it’s a black box. The “human in the loop” is only meaningful if the human can see into the loop.

Companies don’t have to build these capabilities entirely from scratch. There’s a rich open-source ecosystem of security tooling, including vulnerability scanners, intrusion detection systems, log analyzers, and fuzzing frameworks, that AI agents can be integrated with.

Why This Matters Especially for High-Stakes Organizations

For high-stakes organizations, starting from open, auditable foundations means security teams can actually inspect how their monitoring works, rather than trusting a single vendor’s claims. This is particularly important where sensitive data and processes are involved, and where sensitive material should generally not be flowing through external AI providers. Open systems can be rigorously analyzed by in-house security professionals, fine-tuned on an organizations’s own secure data, modified to produce organization-specific oversight mechanisms, and run entirely within an organization’s own infrastructure, keeping everything behind appropriate firewalls.

The Path Forward

Attackers will develop models that take advantage of vulnerabilities. A significant part of the answer is leaning into transparent practices: open security reviews, published threat models, shared vulnerability databases, and open tooling that any team can adopt. The alternative of each organization trying to secure itself in isolation with proprietary tools doesn’t scale against attackers who are coordinating and sharing techniques in their own communities.

The future of AI cybersecurity will be shaped less by any single model and more by the ecosystems that surround them. Openness provides defenders with the visibility, the control, the community, and the shared infrastructure to stay ahead.