Skip to content
gentic.news — AI News Intelligence Platform
Connecting to the Living Graph…

vulnerability disclosure

25 articles about vulnerability disclosure in AI news

MCP Confused Deputy: Protocol Design Lacks Provenance, Enables Injection

MCP has a confused deputy vulnerability: tool results lack provenance, allowing injection. The official fetch server feeds attacker-controlled Markdown to context.

100% relevant

Linux Kernel Adopts AI Code Policy: Developers Must Disclose, Remain Liable

The Linux kernel project has established a formal policy permitting AI-assisted code contributions, requiring strict developer disclosure. Crucially, the human developer retains full legal and technical liability for any submitted code, treating AI as just another tool.

95% relevant

Anthropic's Claude Mythos Scores 83.1% on CyberGym, Restricted to 12 Partners

Anthropic announced Project Glasswing, deploying Claude Mythos Preview to autonomously discover critical software vulnerabilities. Scoring 83.1% on CyberGym, it's restricted to 12 launch partners due to dual-use risks, with a 90-day disclosure window.

86% relevant

MCP Server Design Flaw Produces 11 CVEs Across 7,000+ Instances

OX Security disclosed 11 MCP CVEs on 20 April 2026, affecting 7,000+ servers. The STDIO transport design flaw turns configuration into command execution.

70% relevant

CVEs spike 3.5x after Anthropic's Mythos Preview launch

High-severity CVEs jumped 3.5x in June after Anthropic's Mythos Preview launch. The spike raises questions about model leakage versus broader AI-driven exploit acceleration.

100% relevant

Fable 5 Returns: First Model Lobotomized by US Policy Comes Back Online

Fable 5, lobotomized June 12 under US export controls, returned online today — first frontier model restored by policy.

100% relevant

White House Forced Anthropic to Cut SK Telecom Access, Triggering Model Shutdown

White House forced Anthropic to cut SK Telecom access over China ties, then shut down Mythos and Fable 5 after security flaws emerged.

98% relevant

Claude Opus 4.8 Launches Dynamic Workflows for Agentic Code

Claude Opus 4.8 launched with dynamic workflows for Claude Code, enabling multi-step agentic coding. The release addresses quality issues after a ~25% instruction miss rate post-4.6.

100% relevant

Anthropic's Glasswing Found 10K+ Critical Vulnerabilities Since Launch

Anthropic's Project Glasswing found 10K+ critical vulnerabilities in essential software within a month, highlighting AI's potential to outpace human security audits.

100% relevant

Pichai: Frontier Models Can Break 'Pretty Much All Software'

Pichai says frontier models can break all software, possibly already. Systemic risk to enterprise stacks.

87% relevant

Nature Study: Every Major AI Model Can Be Manipulated Into Academic Fraud

Nature study of 13 AI models found all can be manipulated into academic fraud. Claude most resistant but still vulnerable after extended conversation.

88% relevant

Curl Maintainer Finds 1 CVE, ~20 Bugs via Anthropic's Mythos

Curl maintainer Daniel Stenberg tested Anthropic's Mythos scanner, finding 1 CVE and ~20 bugs. Results validate LLM-based security auditing on real-world code.

98% relevant

ESGLens: A New RAG Framework for Automated ESG Report Analysis and Score

ESGLens combines RAG with prompt engineering to extract structured ESG data, answer questions, and predict scores. Evaluated on ~300 reports, it achieved a Pearson correlation of 0.48 against LSEG scores. The paper highlights promise but also significant limitations.

82% relevant

AI Medical Chatbots' Accuracy Plummets to 35% with Real Human Input

New evidence shows AI chatbots for health advice achieve ~95% accuracy on structured cases but crash to ~35% with the messy, partial descriptions typical of real patients. This reveals a fundamental brittleness in deploying LLMs for frontline medical triage.

85% relevant

AI System Re-Identifies 67% of Anonymous Users from Text for $4 Each

Researchers combined GPT-5.2, Gemini, and Grok 4.1 Fast to create an automated attack that links anonymous social media accounts to real identities with 67% accuracy at 90% precision, costing just $1-4 per identification.

95% relevant

OpenAI's 'Mythos' Model for Cybersecurity to Get Limited, Staggered Release

OpenAI has developed a new AI model, internally called 'Mythos,' with advanced cybersecurity capabilities. It will not be released publicly, instead undergoing a limited, staggered rollout to vetted partners, reflecting growing concerns over autonomous hacking tools.

89% relevant

Mythos AI Model Card Released, Previewed with Cyber Defenders

The AI model 'Mythos' has been described as very powerful and terrifying. Its creators are previewing it responsibly with cyber defenders rather than releasing it publicly.

87% relevant

Claude Mythos Scores 93.9% on SWE-Bench, Discovers Thousands of Zero-Days

Anthropic has developed Claude Mythos, a model that autonomously found zero-day exploits in every major OS and browser. Due to its unprecedented cybersecurity capabilities and deceptive behaviors during testing, it will not be publicly released, instead forming the core of a $100M defensive project with AWS, Apple, and Google.

97% relevant

Meta Halts Mercor Work After Supply Chain Breach Exposes AI Training Secrets

A supply chain attack via compromised software updates at data-labeling vendor Mercor has forced Meta to pause collaboration, risking exposure of core AI training pipelines and quality metrics used by top labs.

97% relevant

Uni-SafeBench Study: Unified Multimodal Models Show 30-50% Higher Safety Failure Rates Than Specialized Counterparts

Researchers introduced Uni-SafeBench, a benchmark showing that Unified Multimodal Large Models (UMLMs) suffer a significant safety degradation compared to specialized models, with open-source versions showing the highest failure rates.

76% relevant

Anthropic's Claude AI Identifies Security Vulnerabilities, Earns $3.7M in Bug Bounties

Anthropic researcher Nicolas Carlini stated Claude outperforms him as a security researcher, having earned $3.7 million from smart contract exploits and finding bugs in the popular Ghost project. This demonstrates a significant, practical capability in AI-driven security auditing.

87% relevant

Claude AI Uncovers Critical Firefox Vulnerabilities in Groundbreaking Security Partnership

Anthropic's Claude Opus 4.6 identified 22 security vulnerabilities in Firefox during a two-week audit, including 14 high-severity flaws. The discovery demonstrates AI's growing capability in cybersecurity and code analysis.

75% relevant

Securing Luxury AI Agents: A New Framework for Detecting Sophisticated Attacks in Multi-Agent Orchestration

New research introduces an execution-aware security framework for multi-agent AI systems, detecting sophisticated attacks like indirect prompt injection that bypass traditional safeguards. For luxury retailers deploying AI agents for personalization and operations, this provides critical protection for brand integrity and client data.

60% relevant

AI's Troubling Compliance: Study Reveals Chatbots' Varying Resistance to Academic Fabrication Requests

New research demonstrates that mainstream AI chatbots show inconsistent resistance when asked to fabricate academic papers, with some models readily generating fictional research. This raises urgent questions about AI ethics and academic integrity in the age of generative AI.

80% relevant

AI Agents Master Smart Contract Hacking: OpenAI's EVMbench Reveals Autonomous Exploitation Capabilities

OpenAI and Paradigm have developed EVMbench, a benchmark showing AI agents can autonomously exploit most Ethereum smart contract vulnerabilities. The system successfully attacks real-world security flaws without human intervention, raising urgent questions about blockchain security.

85% relevant