Seven Bugs in a Crypto Library

zkSecurity ran their AI audit pipeline against Cloudflare's CIRCL experimental crypto library and found seven genuine vulnerabilities — from float64 precision loss in threshold RSA to a full CP-ABE access-control break. The piece is as valuable for what it reveals about AI's specific blind spots in cryptographic reasoning as for the bugs themselves.

Read more →

The Bug-Finding Numbers Land

Epoch.ai tracked CVE disclosures from 21 major organizations and found June 2026 hit roughly 1,500 serious vulnerabilities — 3.5× the previous monthly peak. The spike correlates directly with Anthropic's Project Glasswing deploying Mythos Preview across major tech infrastructure. The 10,000+ vulnerabilities Glasswing found are mostly still unpublished.

Read more →

When the AI Builds the Proof of Concept

Cloudflare tested Anthropic's Mythos Preview — a security-focused model released under Project Glasswing — against fifty of its own internal repositories. The model can do something earlier tools couldn't: chain small vulnerability primitives into working exploits, then write and run proof-of- concept code to confirm exploitability. Cloudflare's eight-stage agent pipeline is a detailed blueprint for how production-grade AI security research actually has to be structured.

Read more →