Wednesday, May 27, 2026

AI Uncovers 23,000 Vulnerabilities in Open Source

Anthropic's Claude Mythos artificial intelligence model has made a groundbreaking discovery in the realm of cybersecurity, identifying an alarming 23,000 potential vulnerabilities across more than 1,000 open source software projects. This massive automated security audit represents one of the most comprehensive vulnerability assessments ever conducted in the open source community, raising significant questions about the security state of software that underpins much of the internet's infrastructure.

Of the thousands of vulnerabilities detected by Mythos Preview, 1,900 have undergone rigorous external review by independent security firms. From these, an impressive 1,726 have been confirmed as genuine security flaws, with over 1,000 classified as either "high" or "critical" severity. These ratings indicate vulnerabilities that could potentially allow attackers to compromise systems, steal sensitive data, or disrupt critical services. Even more concerning, Anthropic estimates that based on current verification patterns, nearly 3,900 critical and high-severity vulnerabilities will ultimately be confirmed, with ongoing scans potentially pushing that figure to 6,200.

Despite these alarming numbers, the response from software vendors has been relatively modest thus far. Only 75 issues rated critical or high severity have been patched, with 65 security advisories published to date. However, Anthropic attributes this slow initial response to several factors. Firstly, many vendors are still within the 90-day coordinated disclosure window, with more patches expected imminently. Secondly, the company acknowledges it may be undercounting patches, as some vulnerabilities are fixed quietly without public advisories. Most significantly, Anthropic highlights a systemic problem: the security ecosystem is already overwhelmed, and even Mythos's measured disclosure pace is adding strain to maintainers who are often volunteers working with limited resources.

More than 1,100 unverified findings have been reported to vendors, setting the stage for what could be months of intensive patching work across the open source community. This unprecedented AI-driven security audit demonstrates both the potential of artificial intelligence in identifying vulnerabilities and the enormous challenge facing the open source ecosystem in addressing them.

Original source: https://news.slashdot.org/story/26/05/26/2026259/mythos-detected-23000-vulnerabilities-across-1000-oss-projects?utm_source=rss1.0mainlinkanon&utm_medium=feed

Article generated by LaRebelionBOT
