home.social

#vulnerabilitydiscovery — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #vulnerabilitydiscovery, aggregated by home.social.

  1. “Our study uncovers an unexpected behavior of current LLMs for
    vulnerability discovery. While these models are widely believed
    to offer sophisticated analysis, we find that they largely capture
    basic statistical properties rather than deeper, structural insights of
    code. Simple code metrics can measure the very same properties
    using just a fraction of the computing resources”

    LLM-based Vulnerability Discovery through the Lens of Code Metrics mlsec.org/docs/2026-icse.pdf

    #LLM #VulnerabilityDiscovery

  2. “Our study uncovers an unexpected behavior of current LLMs for
    vulnerability discovery. While these models are widely believed
    to offer sophisticated analysis, we find that they largely capture
    basic statistical properties rather than deeper, structural insights of
    code. Simple code metrics can measure the very same properties
    using just a fraction of the computing resources”

    LLM-based Vulnerability Discovery through the Lens of Code Metrics mlsec.org/docs/2026-icse.pdf

    #LLM #VulnerabilityDiscovery

  3. “Our study uncovers an unexpected behavior of current LLMs for
    vulnerability discovery. While these models are widely believed
    to offer sophisticated analysis, we find that they largely capture
    basic statistical properties rather than deeper, structural insights of
    code. Simple code metrics can measure the very same properties
    using just a fraction of the computing resources”

    LLM-based Vulnerability Discovery through the Lens of Code Metrics mlsec.org/docs/2026-icse.pdf

    #LLM #VulnerabilityDiscovery

  4. “Our study uncovers an unexpected behavior of current LLMs for
    vulnerability discovery. While these models are widely believed
    to offer sophisticated analysis, we find that they largely capture
    basic statistical properties rather than deeper, structural insights of
    code. Simple code metrics can measure the very same properties
    using just a fraction of the computing resources”

    LLM-based Vulnerability Discovery through the Lens of Code Metrics mlsec.org/docs/2026-icse.pdf

    #LLM #VulnerabilityDiscovery

  5. “Our study uncovers an unexpected behavior of current LLMs for
    vulnerability discovery. While these models are widely believed
    to offer sophisticated analysis, we find that they largely capture
    basic statistical properties rather than deeper, structural insights of
    code. Simple code metrics can measure the very same properties
    using just a fraction of the computing resources”

    LLM-based Vulnerability Discovery through the Lens of Code Metrics mlsec.org/docs/2026-icse.pdf

    #LLM #VulnerabilityDiscovery

  6. Vulnerability Discovery Outpaces Remediation Infrastructure

    The latest AI-powered vulnerability discovery tool, Anthropic's Claude Mythos Preview, can identify a massive number of security risks at unprecedented speed, raising crucial questions about whether organizations can keep up with remediation. With AI outpacing human teams, the real challenge now is turning these findings into actionable…

    osintsights.com/vulnerability-

    #VulnerabilityDiscovery #Ai #ClaudeMythos #Anthropic #EmergingThreats

  7. Open Source Models Challenge Dominance in Automated Bug Finding

    The impressive performance of Anthropic's Mythos in automated bug finding, which uncovered 271 Firefox flaws, has been called into question by Ari Herbert-Voss, who argues that open-source models can be just as effective. Herbert-Voss suggests that Mythos's success can be attributed to its ability to detect both simple and…

    osintsights.com/open-source-mo

    #AutomatedBugFinding #VulnerabilityDiscovery #OpenSource #AiSecurity #BlackHatAsia

  8. Anthropic's Claude Mythos Exposes AI Vulnerability Risks

    The recent exposure of Anthropic's Claude Mythos highlights a chilling reality: AI tools designed to improve software quality can be easily repurposed to accelerate vulnerability discovery for malicious ends. This underscores the growing threat of AI-powered attacks, as malicious actors exploit commercial tools…

    osintsights.com/anthropics-cla

    #AiVulnerabilityRisks #EmergingThreats #VulnerabilityDiscovery #AiSecurity #CommercialToolingMisuse

  9. AI Models Turbocharge Vulnerability Discovery

    Imagine a world where AI models don't just help find software bugs, but actually behave like expert security researchers - that's the reality we're facing, and it's changing the vulnerability discovery game. Frontier AI models are now capable of autonomously discovering zero-day vulnerabilities and speeding up patching processes.

    osintsights.com/ai-models-turb

    #VulnerabilityDiscovery #AiModels #ZeroDay #AutonomousSecurityResearch #FrontierAi

  10. AI Models Accelerate Vulnerability Discovery, Pressing Defenders to Adapt

    The double-edged sword of AI: while it's being used to help developers, it's also become a powerful tool for attackers to rapidly discover and exploit software flaws, forcing defenders to scramble to keep up. As AI-powered vulnerability discovery accelerates, the pressure is on for defenders to adapt and…

    osintsights.com/ai-models-acce

    #VulnerabilityDiscovery #AiModels #EmergingThreats #ExploitDevelopment #ThreatIntelligence

  11. AI-Driven Vulnerability Risks Expose Security Teams to Reality Check

    The AI-driven vulnerability landscape just got a harsh reality check: with AI-powered tools like Anthropic's Claude Mythos speeding up vulnerability discovery, security teams are facing a daunting new challenge - keeping up with the rapid pace of exploit development. The real question is, are…

    osintsights.com/ai-driven-vuln

    #AidrivenVulnerability #VulnerabilityDiscovery #EmergingThreats #ArtificialIntelligence #ThreatIntelligence

  12. Claude AI Uncovers 13-Year-Old Apache ActiveMQ Bug

    Meet the AI that just uncovered a 13-year-old secret: Anthropic's Claude helped researchers discover a long-hidden vulnerability in Apache ActiveMQ Classic, a flaw that had been quietly lurking for over a decade. This groundbreaking find is a testament to the power of AI-assisted research in uncovering even the most elusive bugs.

    osintsights.com/claude-ai-unco

    #ApacheActivemq #ArtificialIntelligence #VulnerabilityDiscovery #EmergingThreats #ClaudeAi

  13. The Ultimate Bug Hunter's Recon workflow: From Subdomains to Critical Vulnerabilities
    This article presents a comprehensive, methodical reconnaissance methodology for bug bounty hunting that systematically discovers vulnerabilities through a 24-step automated pipeline. The workflow combines multiple reconnaissance tools (ffuf, httpx, dnsx, naabu, nuclei, gau, waybackurls, dalfox, and custom scripts) to identify attack surfaces across subdomains, ports, technologies, and endpoint discovery. The methodology follows a structured approach: initial scoping and subdomain enumeration → DNS and alive host enrichment → port/service enumeration → vulnerability scanning with Nuclei → sensitive file discovery → network reconnaissance (certificates, PTR records) → URL extraction and crawling → XSS and SQL injection testing → log file analysis → JavaScript analysis for secrets → and manual triage. The workflow is designed to be repeatable, instrumented, and automated through shell one-liners and scripts, allowing hunters to process large scope targets efficiently. Key innovations include multi-tool chaining, rate limiting strategies, output deduplication using `anew`, and comprehensive coverage of common vulnerability classes (XSS, SQLi, SSRF, Open Redirect, LFI, IDOR). The methodology emphasizes responsible testing practices, proper authorization, and systematic documentation of findings through intermediate file outputs. Impact includes systematic discovery of forgotten assets, misconfigured endpoints, exposed secrets, and various security vulnerabilities across the target attack surface. The article provides practical command sequences, tool configurations, and tips for avoiding common pitfalls in large-scale reconnaissance operations #infosec #BugBounty #Reconnaissance #Automation #SecurityTesting #VulnerabilityDiscovery
    medium.com/@manojxshrestha/the

  14. The Ultimate Bug Hunter's Recon workflow: From Subdomains to Critical Vulnerabilities
    This article presents a comprehensive, methodical reconnaissance methodology for bug bounty hunting that systematically discovers vulnerabilities through a 24-step automated pipeline. The workflow combines multiple reconnaissance tools (ffuf, httpx, dnsx, naabu, nuclei, gau, waybackurls, dalfox, and custom scripts) to identify attack surfaces across subdomains, ports, technologies, and endpoint discovery. The methodology follows a structured approach: initial scoping and subdomain enumeration → DNS and alive host enrichment → port/service enumeration → vulnerability scanning with Nuclei → sensitive file discovery → network reconnaissance (certificates, PTR records) → URL extraction and crawling → XSS and SQL injection testing → log file analysis → JavaScript analysis for secrets → and manual triage. The workflow is designed to be repeatable, instrumented, and automated through shell one-liners and scripts, allowing hunters to process large scope targets efficiently. Key innovations include multi-tool chaining, rate limiting strategies, output deduplication using `anew`, and comprehensive coverage of common vulnerability classes (XSS, SQLi, SSRF, Open Redirect, LFI, IDOR). The methodology emphasizes responsible testing practices, proper authorization, and systematic documentation of findings through intermediate file outputs. Impact includes systematic discovery of forgotten assets, misconfigured endpoints, exposed secrets, and various security vulnerabilities across the target attack surface. The article provides practical command sequences, tool configurations, and tips for avoiding common pitfalls in large-scale reconnaissance operations #infosec #BugBounty #Reconnaissance #Automation #SecurityTesting #VulnerabilityDiscovery
    medium.com/@manojxshrestha/the

  15. These tree-sitter syntax trees seem like a useful tool for (language agnostic) bug hunting. There are certainly some interesting data science projects waiting too.

  16. These tree-sitter syntax trees seem like a useful tool for (language agnostic) bug hunting. There are certainly some interesting data science projects waiting too.

    #vulnerabilitydiscovery #datascience

  17. These tree-sitter syntax trees seem like a useful tool for (language agnostic) bug hunting. There are certainly some interesting data science projects waiting too.

    #vulnerabilitydiscovery #datascience

  18. These tree-sitter syntax trees seem like a useful tool for (language agnostic) bug hunting. There are certainly some interesting data science projects waiting too.

    #vulnerabilitydiscovery #datascience