Seven Bugs in a Crypto Library

zkSecurity ran their AI audit pipeline against Cloudflare's CIRCL experimental crypto library and found seven genuine vulnerabilities — from float64 precision loss in threshold RSA to a full CP-ABE access-control break. The piece is as valuable for what it reveals about AI's specific blind spots in cryptographic reasoning as for the bugs themselves.

Read more →

The Dog Still Won't Fetch, But the Gap Is Closing Fast

Anthropic's Phase Two of Project Fetch has Claude Opus 4.7 completing a four-task robotic quadruped challenge nearly 19× faster than a human team with AI assistance and generating a tenth of the code — through no robotics-specific training. The robot still can't autonomously retrieve the beach ball. That combination of dramatic capability transfer and stubborn physical limits tells you something interesting about where general AI scaling is and isn't working.

Read more →

Five Days from First Bug to Root Shell

Apple's macOS 26.5 security notes credit Calif and Anthropic Research for CVE-2026-28952, completing the public lifecycle of a kernel exploit that a small team built with Claude Mythos in five days. It's the first publicly disclosed macOS kernel exploit to survive Memory Integrity Enforcement on M5 silicon, and the speed at which a two-person team crossed that line says something about how AI changes the economics of high-end security research.

Read more →

Claude 4.7's Quiet Migration Tax

Claude Opus 4.7 shipped April 16 with an unchanged sticker price, but the real migration cost is higher than the headline: a new tokenizer quietly inflates token counts by 20–35% on code and technical text, and three commonly-used sampling parameters—temperature, top_p, top_k—now return a 400 error instead of being silently ignored.

Read more →