Tag: vulnerability scanning
8 articles

Weak RSA Keys Exposed in Widespread Use
Meet the badkeys project, an open-source service that scans public keys for vulnerabilities, which recently uncovered a surprising pattern of weak RSA keys in widespread use. By analyzing a massive dataset of real-world public keys, the team discovered a substantial number of keys with a suspicious structure, featuring regularly spaced blocks of zero bits and random data.

UK Hackathons Expose 400+ Vulnerabilities in AI-Powered Code Scans
By empowering teams to build their own AI-powered tooling and iterate on the best approaches, the Government Cyber Coordination Centre (GC3) successfully uncovered over 400 vulnerabilities in a series of innovative hackathons. This collaborative, flexible approach allowed teams to create bespoke solutions that effectively scanned public code repositories across nine government departments.

Feds Seek Clear Guidance on AI-Powered Vulnerability Scanning Tool
The US government's adoption of a cutting-edge AI-powered vulnerability scanning tool has sparked a heated debate, with select federal agencies gaining access to Anthropic's powerful Mythos model through the secretive Project Glasswing initiative. But with great power comes great risk, and officials are now seeking clear guidance on the tool's use.

AI Agent Exposes 21 Zero-Days in Widely Used FFmpeg Library
In a single, remarkable run, an AI-powered security agent uncovered 21 zero-day vulnerabilities in the widely-used FFmpeg library, a feat that cost just $1,000 and showcases the incredible potential of autonomous security testing. The agent scanned 1.5 million lines of code to produce these groundbreaking findings.

Anthropic Expands AI Bug Hunting Program
In just eight weeks, Cisco's AI-powered bug hunting program scanned a staggering 1.8 billion lines of code, a task that would have taken their top security team a whopping eight years to complete. This groundbreaking feat showcases the incredible potential of AI-driven cybersecurity solutions.

Generative AI Exposes Software Vulnerabilities at Scale
Generative AI is rapidly advancing and can now efficiently uncover and exploit software vulnerabilities, prompting companies like Anthropic to carefully manage their powerful models. Anthropic's recent decision to limit access to its Claude Mythos Preview model to a select group of companies highlights the potential risks and costs associated with these cutting-edge AI systems.

AI-Powered Bug Hunting Spurs Surge in Patches
While AI-powered bug hunting may mean more patches and work for admins in the short term, it also means a significant boost in identifying and fixing security holes - like the 75 issues frontier models found across 130 Palo Alto Networks products. This surge in patches is a small price to pay for a major leap in cybersecurity.

Anthropic's Mythos AI Falls Short in Bug-Hunting Test
Anthropic's highly-hyped Mythos AI failed to impress in a recent bug-hunting test against cURL's codebase, with results that were largely dismissed as overhyped marketing. The limited test, run by cURL developer Daniel Stenberg, revealed that Mythos fell short of expectations.