CIRCLE WITH A DOT

Going live in a bit. check it out in the next 15 min !#Glassof0J #AI #Glasswing #Anthropic #Mythos #InfoSec #Hackinghttps://youtube.com/live/JBNwEwdNwu4?feature=share

Two wrongs don't make a right. They make multiple wrongs. There's no stopping this train wreck now."Anthropic describes Project Glasswing as a coalition of tech giants committing $100 million in AI resources to hunt down and fix long-hidden vulnerabilities in critical open source software that it's finding with its new Mythos AI program. Or as The Reg put it, 'an AI model that can generate zero-day vulnerabilities'."The Register: Opinion: Project Glasswing and open source software: The good, the bad, and the ugly https://www.theregister.com/2026/04/10/project_glasswing/ @theregister @sjvn #Anthropic #Glasswing #infosec

@hillu Not necessarily. I would assume that trail of bits does a better job building PoC's than I do on my sofa with a headache from a cold. Anything else would deeply surprise me, as I have found their work to be extremely professional and thorough so far.Also, "AI enabled us to find 200 bugs per week" does not equal "AI found 200 bugs that we then confirmed." Anecdotally, the greatest help AI has been to me in my security work has been "here's an entire codebase that I know nothing about, written with a framework I'm not familiar with. I know that somewhere in there is the place where [feature X] is implemented. Find this place for me. Then explain line by line how [specific thing] works.". So, it reduces the overhead of having to trawl through 500 Java files and follow 8 references to finally get to the point where the thing you actually want to know is buried.I'm pretty sure use of AI will not take me from 15 to 200 bugs a week, but also, I am not a pentester (my focus is on security architecture), so, no idea what it's like for Trail of Bits. I would not use what I did today as evidence that the statement is false or misleading.