top of page
ALL POSTS
Anthropic's Claude Mythos AI Uncovers 10,000+ Critical Software Vulnerabilities in First Month
Key Findings Project Glasswing, Anthropic's month-old initiative using Claude Mythos AI, uncovered over 10,000 high or critical-severity vulnerabilities in systemically important software Partner bug discovery rates increased more than tenfold, with Cloudflare identifying 2,000 bugs across critical systems Independent security evaluations confirmed over 90% validity of flagged vulnerabilities, with over 62% confirmed as high or critical severity A critical certificate forgery
May 263 min read
Pwn2Own Berlin 2026: DEVCORE Wins Master of Pwn with $1.298M in Payouts
Key Findings DEVCORE dominated Pwn2Own Berlin 2026, claiming Master of Pwn with 50.5 points and $505,000 in earnings Three-day competition yielded 47 unique zero-days with $1,298,250 in total payouts STARLabs SG finished second with 25 points and $242,500; Out Of Bounds took third with 12.75 points and $95,750 Microsoft SharePoint successfully exploited after surviving day two attempt OpenAI Codex compromised three separate times by different researchers using different techn
May 173 min read
Google Reshapes Bug Bounty Payouts: Android Rewards Surge While Chrome Bounties Decline in AI Era
Key Findings Google increased Android bug bounty rewards up to $1.5 million for zero-click Pixel exploits, while Chrome payouts dropped significantly across most categories The overhaul prioritizes high-impact vulnerabilities and those resistant to AI detection, shifting focus from quantity to quality Chrome base rewards for memory safety issues fell to $500 with multipliers, down from previous levels, with some rewards now 10 times smaller Google phased out bonuses for arbit
May 33 min read
Claude Opus Generated a Chrome Exploit for $2,283
Key Findings Claude Opus 4.6 successfully generated a functional Chrome exploit chain for $2,283 in API costs across 2.33 billion tokens The exploit targeted Discord's bundled Chrome version 138, which lagged nine major versions behind current upstream releases Exploit development required approximately 20 hours of human guidance, with the AI frequently getting stuck and requiring operator intervention Bug bounty programs like Google's v8CTF offer $5,000-$10,000 per valid exp
Apr 204 min read
bottom of page
