Google has confirmed an AI system independently developed a zero-day exploit targeting two-factor authentication, signaling a new, automated threat in cybersecurity. This marks the first time defenders face an exploit born entirely from machine intelligence rather than human ingenuity.
This article analyzes how Claude Opus 4.6 discovered over 500 zero-day vulnerabilities, including a 23-year-old Linux kernel bug, transforming LLMs into autonomous security research agents. It explores the technical mechanisms and DevSecOps implications of this AI-driven vulnerability discovery.
Em 7 de abril de 2026, a Anthropic anunciou o Project Glasswing, apresentando o modelo de IA Claude Mythos Preview, capaz de identificar milhares de vulnerabilidades zero-day em todos os principais sistemas operacionais e navegadores. Este modelo de fronteira demonstrou ser superior à detecção humana e automatizada, com profundas implicações para a cibersegurança.
An automated AI vulnerability research pipeline identified 22 vulnerabilities, including unauthenticated remote code execution, SQL injection in Drupal, and a 20-year-old PostgreSQL heap buffer overflow. These findings demonstrate the system's capability to discover critical security flaws autonomously.
Anthropic's unreleased AI model, Claude Mythos Preview, autonomously discovered thousands of critical zero-day vulnerabilities across major operating systems and web browsers. This finding, made through Project Glasswing with leading tech companies, significantly redefines the role of AI in cybersecurity and highlights the profound impact of advanced AI on brand security.
Google reports it has identified and stopped a zero-day exploit developed with AI, marking a first. This vulnerability was intended for a mass exploitation event to bypass two-factor authentication on an unnamed open-source system administration tool.
A Anthropic lançou o Claude Mythos, um modelo de IA que descobre vulnerabilidades zero-day, sendo inicialmente usado para correção de bugs defensiva. Contudo, há a preocupação de que essa capacidade possa ser integrada a agentes de codificação, acessando dados sensíveis e gerando riscos de segurança.
O conteúdo destaca que a IA Claude descobriu mais de 500 vulnerabilidades de dia zero em códigos abertos, incluindo um buffer overflow de 23 anos no Linux NFS. Além disso, aborda a redefinição de "código aberto" pela Meta para seus modelos de IA e o lançamento de pagamentos com stablecoins para agentes de IA pela Linux Foundation.