#vulnerabilitydiscovery — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #vulnerabilitydiscovery, aggregated by home.social.
-
Multi-Agent LLM System for Automated Vulnerability Discovery and Reproduction
https://arxiv.org/abs/2605.21779
#HackerNews #MultiAgent #LLM #VulnerabilityDiscovery #AutomatedTesting #AIResearch
-
“Our study uncovers an unexpected behavior of current LLMs for
vulnerability discovery. While these models are widely believed
to offer sophisticated analysis, we find that they largely capture
basic statistical properties rather than deeper, structural insights of
code. Simple code metrics can measure the very same properties
using just a fraction of the computing resources”LLM-based Vulnerability Discovery through the Lens of Code Metrics https://mlsec.org/docs/2026-icse.pdf
-
“Our study uncovers an unexpected behavior of current LLMs for
vulnerability discovery. While these models are widely believed
to offer sophisticated analysis, we find that they largely capture
basic statistical properties rather than deeper, structural insights of
code. Simple code metrics can measure the very same properties
using just a fraction of the computing resources”LLM-based Vulnerability Discovery through the Lens of Code Metrics https://mlsec.org/docs/2026-icse.pdf
-
“Our study uncovers an unexpected behavior of current LLMs for
vulnerability discovery. While these models are widely believed
to offer sophisticated analysis, we find that they largely capture
basic statistical properties rather than deeper, structural insights of
code. Simple code metrics can measure the very same properties
using just a fraction of the computing resources”LLM-based Vulnerability Discovery through the Lens of Code Metrics https://mlsec.org/docs/2026-icse.pdf
-
“Our study uncovers an unexpected behavior of current LLMs for
vulnerability discovery. While these models are widely believed
to offer sophisticated analysis, we find that they largely capture
basic statistical properties rather than deeper, structural insights of
code. Simple code metrics can measure the very same properties
using just a fraction of the computing resources”LLM-based Vulnerability Discovery through the Lens of Code Metrics https://mlsec.org/docs/2026-icse.pdf
-
“Our study uncovers an unexpected behavior of current LLMs for
vulnerability discovery. While these models are widely believed
to offer sophisticated analysis, we find that they largely capture
basic statistical properties rather than deeper, structural insights of
code. Simple code metrics can measure the very same properties
using just a fraction of the computing resources”LLM-based Vulnerability Discovery through the Lens of Code Metrics https://mlsec.org/docs/2026-icse.pdf
-
Amid Mythos' hyped cybersecurity prowess, researchers find GPT-5.5 is just as good - Ars Technica https://arstechnica.com/ai/2026/05/amid-mythos-hyped-cybersecurity-prowess-researchers-find-gpt-5-5-is-just-as-good/ #cybersecurity #AI #Mythos #ChatGPT5.5 #VulnerabilityDiscovery
-
Amid Mythos' hyped cybersecurity prowess, researchers find GPT-5.5 is just as good - Ars Technica https://arstechnica.com/ai/2026/05/amid-mythos-hyped-cybersecurity-prowess-researchers-find-gpt-5-5-is-just-as-good/ #cybersecurity #AI #Mythos #ChatGPT5.5 #VulnerabilityDiscovery
-
Amid Mythos' hyped cybersecurity prowess, researchers find GPT-5.5 is just as good - Ars Technica https://arstechnica.com/ai/2026/05/amid-mythos-hyped-cybersecurity-prowess-researchers-find-gpt-5-5-is-just-as-good/ #cybersecurity #AI #Mythos #ChatGPT5.5 #VulnerabilityDiscovery
-
Amid Mythos' hyped cybersecurity prowess, researchers find GPT-5.5 is just as good - Ars Technica https://arstechnica.com/ai/2026/05/amid-mythos-hyped-cybersecurity-prowess-researchers-find-gpt-5-5-is-just-as-good/ #cybersecurity #AI #Mythos #ChatGPT5.5 #VulnerabilityDiscovery
-
Amid Mythos' hyped cybersecurity prowess, researchers find GPT-5.5 is just as good - Ars Technica https://arstechnica.com/ai/2026/05/amid-mythos-hyped-cybersecurity-prowess-researchers-find-gpt-5-5-is-just-as-good/ #cybersecurity #AI #Mythos #ChatGPT5.5 #VulnerabilityDiscovery
-
Vulnerability Discovery Outpaces Remediation Infrastructure
The latest AI-powered vulnerability discovery tool, Anthropic's Claude Mythos Preview, can identify a massive number of security risks at unprecedented speed, raising crucial questions about whether organizations can keep up with remediation. With AI outpacing human teams, the real challenge now is turning these findings into actionable…
#VulnerabilityDiscovery #Ai #ClaudeMythos #Anthropic #EmergingThreats
-
Open Source Models Challenge Dominance in Automated Bug Finding
The impressive performance of Anthropic's Mythos in automated bug finding, which uncovered 271 Firefox flaws, has been called into question by Ari Herbert-Voss, who argues that open-source models can be just as effective. Herbert-Voss suggests that Mythos's success can be attributed to its ability to detect both simple and…
#AutomatedBugFinding #VulnerabilityDiscovery #OpenSource #AiSecurity #BlackHatAsia
-
Anthropic's Claude Mythos Exposes AI Vulnerability Risks
The recent exposure of Anthropic's Claude Mythos highlights a chilling reality: AI tools designed to improve software quality can be easily repurposed to accelerate vulnerability discovery for malicious ends. This underscores the growing threat of AI-powered attacks, as malicious actors exploit commercial tools…
#AiVulnerabilityRisks #EmergingThreats #VulnerabilityDiscovery #AiSecurity #CommercialToolingMisuse
-
AI Models Turbocharge Vulnerability Discovery
Imagine a world where AI models don't just help find software bugs, but actually behave like expert security researchers - that's the reality we're facing, and it's changing the vulnerability discovery game. Frontier AI models are now capable of autonomously discovering zero-day vulnerabilities and speeding up patching processes.
#VulnerabilityDiscovery #AiModels #ZeroDay #AutonomousSecurityResearch #FrontierAi
-
AI Models Accelerate Vulnerability Discovery, Pressing Defenders to Adapt
The double-edged sword of AI: while it's being used to help developers, it's also become a powerful tool for attackers to rapidly discover and exploit software flaws, forcing defenders to scramble to keep up. As AI-powered vulnerability discovery accelerates, the pressure is on for defenders to adapt and…
#VulnerabilityDiscovery #AiModels #EmergingThreats #ExploitDevelopment #ThreatIntelligence
-
AI-Driven Vulnerability Risks Expose Security Teams to Reality Check
The AI-driven vulnerability landscape just got a harsh reality check: with AI-powered tools like Anthropic's Claude Mythos speeding up vulnerability discovery, security teams are facing a daunting new challenge - keeping up with the rapid pace of exploit development. The real question is, are…
#AidrivenVulnerability #VulnerabilityDiscovery #EmergingThreats #ArtificialIntelligence #ThreatIntelligence
-
Claude AI Uncovers 13-Year-Old Apache ActiveMQ Bug
Meet the AI that just uncovered a 13-year-old secret: Anthropic's Claude helped researchers discover a long-hidden vulnerability in Apache ActiveMQ Classic, a flaw that had been quietly lurking for over a decade. This groundbreaking find is a testament to the power of AI-assisted research in uncovering even the most elusive bugs.
#ApacheActivemq #ArtificialIntelligence #VulnerabilityDiscovery #EmergingThreats #ClaudeAi
-
The Ultimate Bug Hunter's Recon workflow: From Subdomains to Critical Vulnerabilities
This article presents a comprehensive, methodical reconnaissance methodology for bug bounty hunting that systematically discovers vulnerabilities through a 24-step automated pipeline. The workflow combines multiple reconnaissance tools (ffuf, httpx, dnsx, naabu, nuclei, gau, waybackurls, dalfox, and custom scripts) to identify attack surfaces across subdomains, ports, technologies, and endpoint discovery. The methodology follows a structured approach: initial scoping and subdomain enumeration → DNS and alive host enrichment → port/service enumeration → vulnerability scanning with Nuclei → sensitive file discovery → network reconnaissance (certificates, PTR records) → URL extraction and crawling → XSS and SQL injection testing → log file analysis → JavaScript analysis for secrets → and manual triage. The workflow is designed to be repeatable, instrumented, and automated through shell one-liners and scripts, allowing hunters to process large scope targets efficiently. Key innovations include multi-tool chaining, rate limiting strategies, output deduplication using `anew`, and comprehensive coverage of common vulnerability classes (XSS, SQLi, SSRF, Open Redirect, LFI, IDOR). The methodology emphasizes responsible testing practices, proper authorization, and systematic documentation of findings through intermediate file outputs. Impact includes systematic discovery of forgotten assets, misconfigured endpoints, exposed secrets, and various security vulnerabilities across the target attack surface. The article provides practical command sequences, tool configurations, and tips for avoiding common pitfalls in large-scale reconnaissance operations #infosec #BugBounty #Reconnaissance #Automation #SecurityTesting #VulnerabilityDiscovery
https://medium.com/@manojxshrestha/the-ultimate-bug-hunters-recon-workflow-from-subdomains-to-critical-vulnerabilities-befcef19307f?source=rss------bug_bounty_tips-5 -
The Ultimate Bug Hunter's Recon workflow: From Subdomains to Critical Vulnerabilities
This article presents a comprehensive, methodical reconnaissance methodology for bug bounty hunting that systematically discovers vulnerabilities through a 24-step automated pipeline. The workflow combines multiple reconnaissance tools (ffuf, httpx, dnsx, naabu, nuclei, gau, waybackurls, dalfox, and custom scripts) to identify attack surfaces across subdomains, ports, technologies, and endpoint discovery. The methodology follows a structured approach: initial scoping and subdomain enumeration → DNS and alive host enrichment → port/service enumeration → vulnerability scanning with Nuclei → sensitive file discovery → network reconnaissance (certificates, PTR records) → URL extraction and crawling → XSS and SQL injection testing → log file analysis → JavaScript analysis for secrets → and manual triage. The workflow is designed to be repeatable, instrumented, and automated through shell one-liners and scripts, allowing hunters to process large scope targets efficiently. Key innovations include multi-tool chaining, rate limiting strategies, output deduplication using `anew`, and comprehensive coverage of common vulnerability classes (XSS, SQLi, SSRF, Open Redirect, LFI, IDOR). The methodology emphasizes responsible testing practices, proper authorization, and systematic documentation of findings through intermediate file outputs. Impact includes systematic discovery of forgotten assets, misconfigured endpoints, exposed secrets, and various security vulnerabilities across the target attack surface. The article provides practical command sequences, tool configurations, and tips for avoiding common pitfalls in large-scale reconnaissance operations #infosec #BugBounty #Reconnaissance #Automation #SecurityTesting #VulnerabilityDiscovery
https://medium.com/@manojxshrestha/the-ultimate-bug-hunters-recon-workflow-from-subdomains-to-critical-vulnerabilities-befcef19307f?source=rss------bug_bounty_tips-5 -
These tree-sitter syntax trees seem like a useful tool for (language agnostic) bug hunting. There are certainly some interesting data science projects waiting too.
-
These tree-sitter syntax trees seem like a useful tool for (language agnostic) bug hunting. There are certainly some interesting data science projects waiting too.
-
These tree-sitter syntax trees seem like a useful tool for (language agnostic) bug hunting. There are certainly some interesting data science projects waiting too.
-
These tree-sitter syntax trees seem like a useful tool for (language agnostic) bug hunting. There are certainly some interesting data science projects waiting too.