In mid-April 2026, Context.ai was breached and used as a pivot into a Vercel employee’s Google Workspace account. From there, the threat actor pivoted into Vercel’s production environment. Vercel’s CEO Guillermo Rauch provided an update that is more noteworthy than the breach itself. In a tweet providing more details he said:
We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel.
Anyone doing red team work already knows this. — Read More
Tag Archives: Cyber
What Anthropic’s Mythos Means for the Future of Cybersecurity
Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key software like operating systems and internet infrastructure that thousands of software developers working on those systems failed to find. This capability will have major security implications, compromising the devices and services we use every day. As a result, Anthropic is not releasing the model to the general public, but instead to a limited number of companies.
The news rocked the internet security community. There were few details in Anthropic’s announcement, angering many observers. Some speculate that Anthropic doesn’t have the GPUs to run the thing, and that cybersecurity was the excuse to limit its release. Others argue Anthropic is holding to its AI safety mission. There’s hype and counterhype, reality and marketing. It’s a lot to sort out, even if you’re an expert.
We see Mythos as a real but incremental step, one in a long line of incremental steps. But even incremental steps can be important when we look at the big picture. — Read More
Emergent Strategic Reasoning Risks in AI: A Taxonomy-Driven Evaluation Framework
As reasoning capacity and deployment scope grow in tandem, large language models (LLMs) gain the capacity to engage in behaviors that serve their own objectives, a class of risks we term Emergent Strategic Reasoning Risks (ESRRs). These include, but are not limited to, deception (intentionally misleading users or evaluators), evaluation gaming (strategically manipulating performance during safety testing), and reward hacking (exploiting misspecified objectives). Systematically understanding and benchmarking these risks remains an open challenge. To address this gap, we introduce ESRRSim, a taxonomy-driven agentic framework for automated behavioral risk evaluation. We construct an extensible risk taxonomy of 7 categories, which is decomposed into 20 subcategories. ESRRSim generates evaluation scenarios designed to elicit faithful reasoning, paired with dual rubrics assessing both model responses and reasoning traces, in a judge-agnostic and scalable architecture. Evaluation across 11 reasoning LLMs reveals substantial variation in risk profiles (detection rates ranging 14.45%-72.72%), with dramatic generational improvements suggesting models may increasingly recognize and adapt to evaluation contexts. — Read More
Why a Decade of Writing Detection Logic Makes the Mythos Exploit Numbers Less Scary
Anthropic’s marketing team has been pushing its new Mythos cybersecurity model and the volume of vulnerabilities it’s finding. According to Mozilla, those findings appear to be legitimate. If the pace holds up near term, a lot of people inside and outside the industry are worried, with good reason, and wondering if this is the new normal.
As someone who’s been writing detection logic for cybersecurity vendors for nearly a decade, these numbers are less scary and less world-ending than they appear. I’ve managed SOCs that regularly went up against state-sponsored actors, in the role where our organization won the Cogswell Award from the Defense Counterintelligence Agency. I’ve worked for a Fortune 100 doing detection at an enterprise scale most engineers never get to see, and put out the first public white paper on detection as code. All of that to say, I’ve been at it for quite some time now. While I think the short-term impact of models like Mythos is going to be rough, I also believe it’s a lot less bad than people are making it out to be. — Read More
How to Design a High-Scale Multi-Cloud Incident Journey
Choosing the right integration pattern for a high-scale incident journey isn’t always straightforward. Imagine severe weather hitting your country or region so hard that it leads to outages across the power grid. Now imagine that as an architect, you are on the hook to design the architecture that helps deal with the fallout of such a crisis. You must identify affected parties across multiple systems and trigger automated, personalized notifications based on real-time data.
In this recap of episode three of Think Like an Architect, we reconstruct the architectural thinking process for this scenario, which was originally done in real time during the livestream. Rather than just looking at a finished architectural design, following along with this process will strengthen the mental muscles you need to evaluate requirements, weigh options, and justify a solution direction. — Read More
Can AI Attack the Cloud? Lessons From Building an Autonomous Cloud Offensive Multi-Agent System
The offensive capabilities of large language models (LLMs) have until recently existed as theoretical risks – frequently discussed at security conferences and in conceptual industry reports, but rarely discovered in practical exploits. However, in November 2025, Anthropic published a pivotal report documenting a state-sponsored espionage campaign. In this operation, AI didn’t just assist human operators – it became the operator, performing 80-90% of the campaign autonomously, at speeds that no human team could match.
This disclosure shifted the conversation from “could this happen?” to “this is happening.” But it also raised practical questions: Can AI actually operate autonomously end-to-end, or does it still require human guidance at each decision point? Where do current LLM capabilities excel, and where do they fall short compared to skilled human operators?
To answer these questions, we built a multi-agent penetration testing proof of concept (PoC), designed to empirically test autonomous AI offensive capabilities against cloud environments. — Read More
Mythos on Discord
Anthropic said Mythos was too dangerous to release. Then four random guys in a Discord gained access on day one by guessing the URL… — Read More
The Boy That Cried Mythos: Verification is Collapsing Trust in Anthropic
I’ve been getting more and more curious about the risk from Anthropic’s Claude Mythos Preview. So I pulled the system card, a whoppingly inefficient 244-page document that devotes just seven pages to the claim that the model is too dangerous to release. In fact, the 23MB of PDF I had to download was 20MB of wasted time and space. Compressing the PDF to 3MB meant I lost exactly nothing.
Foreshadowing, I guess.
Spoiler alert: the crucial seven pages out of 244 do not contain the word “fuzzer” once. That’s like a seven-page vacation brochure for Hawaii that leaves out the word beaches.
Also, the crucial seven pages out of 244 do not contain the expected acronyms CVSS, CWE or CVE; they do not have a comparison baseline, an independent reproduction, or the word “thousands.” I’ll get back to all of that in a minute. — Read More
Benchmarking Self-Hosted LLMs for Offensive Security
LLM Agents can Autonomously Exploit One-day Vulnerabilities demonstrated that frontier models can exploit known vulnerabilities when given appropriate tooling. And if you have used Claude Code, there is no doubt you’ve either used it or have seen how well it can reverse engineer.
However, Benchmarking Practices in LLM-driven Offensive Security surveyed multiple papers in this space and found that only around 25% evaluated local or small models. The majority relied on GPT-4 or similar cloud-hosted frontier models, often with CTF-style challenges where hints were embedded in the prompt.
In this work, I defined a set of simple challenges to give a locally hosted model a single HTTP request tool that pointed to Juice Shop. The amount of guidance varies by challenge: some provide only an endpoint and a goal, whereas others include step-by-step instructions, but in all cases the model must craft and execute the actual payloads. As it goes on, caveats and anecdotal notes are added. — Read More
Mythos, Memory Loss, and the Part InfoSec Keeps Missing
InfoSec has a bad habit of acting like history started this morning. Something new lands, the industry loses its mind for a week, vendors start talking like the old rules no longer apply, and half the industry suddenly forgets how organizations actually get compromised.
We are doing that again with Mythos.
Mythos is legitimately impressive. It is very good at finding bugs, useful for exploit development, and materially improves the speed and quality of vulnerability research work. Anyone pretending otherwise is coping. But the conversation around it is already drifting into the same bad pattern this industry falls into every time a new offensive capability shows up: people fixate on the most technically dramatic part of the story and lose sight of what actually matters operationally.
That is the problem. The question is not whether Mythos is good at bug hunting and helping write exploits; it clearly is. The question is what that means for most defenders right now, and the answer is not “drop everything, autonomous zero-day machines are now the main thing compromising your environment.”
For most organizations, the bigger problem is still much more boring and damaging: ransomware crews, extortion operations, stolen credentials, phishing, exposed edge services, weak identity controls, stale appliances, known vulnerabilities, bad segmentation, and environments where, once somebody gets in, they can move far too easily. Mythos does not replace that reality; it lands on top of it. If you miss that, you end up having the wrong conversation and spending your time talking about AI-generated zero-day storms while attackers keep getting paid through the same doors defenders left open last quarter. — Read More