Skip to main content

Tag: vulnerability scanning

8 articles

Dimly lit server room with rows of computer servers, cables, and softly glowing screens displaying code amidst shadows.

Weak RSA Keys Exposed in Widespread Use

Meet the badkeys project, an open-source service that scans public keys for vulnerabilities, which recently uncovered a surprising pattern of weak RSA keys in widespread use. By analyzing a massive dataset of real-world public keys, the team discovered a substantial number of keys with a suspicious structure, featuring regularly spaced blocks of zero bits and random data.

Analyst 207
People from different departments collaborate around a large table, surrounded by laptops and notes, with code and AI…

UK Hackathons Expose 400+ Vulnerabilities in AI-Powered Code Scans

By empowering teams to build their own AI-powered tooling and iterate on the best approaches, the Government Cyber Coordination Centre (GC3) successfully uncovered over 400 vulnerabilities in a series of innovative hackathons. This collaborative, flexible approach allowed teams to create bespoke solutions that effectively scanned public code repositories across nine government departments.

Analyst 207
Government meeting room with laptop, papers, and network diagram on whiteboard.

Feds Seek Clear Guidance on AI-Powered Vulnerability Scanning Tool

The US government's adoption of a cutting-edge AI-powered vulnerability scanning tool has sparked a heated debate, with select federal agencies gaining access to Anthropic's powerful Mythos model through the secretive Project Glasswing initiative. But with great power comes great risk, and officials are now seeking clear guidance on the tool's use.

Analyst 207
Laptop screen displays code editor with blurred background of software development facility.

AI Agent Exposes 21 Zero-Days in Widely Used FFmpeg Library

In a single, remarkable run, an AI-powered security agent uncovered 21 zero-day vulnerabilities in the widely-used FFmpeg library, a feat that cost just $1,000 and showcases the incredible potential of autonomous security testing. The agent scanned 1.5 million lines of code to produce these groundbreaking findings.

Analyst 207
Laptop screen displays lines of code on a neutral surface with blurred lab background.

Anthropic Expands AI Bug Hunting Program

In just eight weeks, Cisco's AI-powered bug hunting program scanned a staggering 1.8 billion lines of code, a task that would have taken their top security team a whopping eight years to complete. This groundbreaking feat showcases the incredible potential of AI-driven cybersecurity solutions.

Analyst 207
Cluttered desk with laptop, notes, and diagrams, hint of coding tool in background.

Generative AI Exposes Software Vulnerabilities at Scale

Generative AI is rapidly advancing and can now efficiently uncover and exploit software vulnerabilities, prompting companies like Anthropic to carefully manage their powerful models. Anthropic's recent decision to limit access to its Claude Mythos Preview model to a select group of companies highlights the potential risks and costs associated with these cutting-edge AI systems.

Analyst 207
Code review room with laptop and monitor on a clean desk, surrounded by empty whiteboards and a window with natural daylight.

AI-Powered Bug Hunting Spurs Surge in Patches

While AI-powered bug hunting may mean more patches and work for admins in the short term, it also means a significant boost in identifying and fixing security holes - like the 75 issues frontier models found across 130 Palo Alto Networks products. This surge in patches is a small price to pay for a major leap in cybersecurity.

Analyst 207
Developer workstation with code on laptop, coffee, and notes, with a large open-source project repository in the blurred…

Anthropic's Mythos AI Falls Short in Bug-Hunting Test

Anthropic's highly-hyped Mythos AI failed to impress in a recent bug-hunting test against cURL's codebase, with results that were largely dismissed as overhyped marketing. The limited test, run by cURL developer Daniel Stenberg, revealed that Mythos fell short of expectations.

Analyst 207