Simon Willison · 62 · 2026-04-07 20:52
Anthropic's Project Glasswing - restricting Claude Mythos to security researchers - sounds necessary to me
Anthropic didn't release their latest model, Claude Mythos (system card PDF), today. They have instead made it available to a very restricted set of preview partners under their newly announced Project Glasswing. The model is a general purpose model, similar to Claude Opus 4.6, but Anthropic claim that its cyber-security research abilities are strong enough that they need to give the software industry as a whole time to prepare. Mythos Preview has already found thousands of high-severity v...
Trail of Bits · 50 · 2026-04-07 11:00
What we learned about TEE security from auditing WhatsApp's Private Inference
WhatsApp’s new “Private Inference” feature represents one of the most ambitious attempts to combine end-to-end encryption with AI-powered capabilities, such as message summarization. To make this possible, Meta built a system that processes encrypted user messages inside trusted execution environments (TEEs), secure hardware enclaves designed so that not even Meta can access the plaintext. Our now-public audit, conducted before launch, identified several vulnerabilities that compromised What...
Rapid7 Blog · 40 · 2026-04-07 13:06
A First Look at Our Speaker Lineup and Agenda for the Rapid7 2026 Global Cybersecurity Summit
The agenda for the Rapid7 2026 Global Cybersecurity Summit is starting to take shape, and with it, a clearer picture of the conversations security teams need to be having right now. Taking place May 12–13, this year’s summit brings together a mix of security leaders, practitioners, analysts, and industry voices to explore how organizations are moving from reactive defense to preemptive security operations. The focus is practical. What is changing, what is not working, and what teams need to d...
Deeplinks · 17 · 2026-04-07 19:24
EU Parliament Blocks Mass-Scanning of Our Chats—What's Next?
The EU’s so-called Chat Control plan, which would mandate mass scanning and other encryption breaking measures, has had some good news lately. The most controversial idea, the forced requirement to scan encrypted messages, was given up by EU member states. And now, another win for privacy: the EU Parliament has dealt a real blow to voluntary mass-scanning of chats by voting to not prolong an interim derogation from e-Privacy rules in the EU. These rules allowed service providers, temporari...
Cyber Kendra · 17 · 2026-04-07 17:02
Linux's Print System Has a Zero-Click Root Hole — and No Fix Yet
If your Linux server runs a shared PostScript print queue, a remote attacker with no credentials whatsoever can — right now — execute arbitrary code on it, then quietly escalate to root. That's the condensed version of two newly disclosed vulnerabilities in CUPS, the printing backbone of virtually every Linux and Unix-like system. Security researcher Asim Manizada, working with a self-orchestrating team of AI agents that hunt for AI vulnerabilities, discovered and chained the two flaws: CVE-...
Cyber Kendra · 17 · 2026-04-07 16:20
Your Router Is Spying on You — And Russia's APT28 Is Behind It
Your home router may already be working for Russian military intelligence — and you'd have no idea. In a rare coordinated disclosure, both the UK's National Cyber Security Centre (NCSC) and Microsoft Threat Intelligence have published detailed research exposing how APT28 — Russia's GRU military intelligence unit, tracked by Microsoft as Forest Blizzard and its sub-group Storm-2754 — has been running a large-scale campaign to hijack home and small office routers, silently redirecting internet ...
IEEE Spectrum · 12 · 2026-04-07 14:00
Decentralized Training Can Help Solve AI’s Energy Woes
Artificial intelligence harbors an enormous energy appetite. Such constant cravings are evident in the hefty carbon footprint of the data centers behind the AI boom and the steady increase over time of carbon emissions from training frontier AI models. No wonder big tech companies are warming up to nuclear energy, envisioning a future fueled by reliable, carbon-free sources. But while nuclear-powered data centers might still be years away, some in the research and industry spheres are takin...
gilesthomas.com · 11 · 2026-04-07 21:00
Writing an LLM from scratch, part 32i -- Interventions: what is in the noise?
Towards the end of last year, I trained a 163M-parameter GPT-2-style model from scratch on my local RTX 3090, using code based on Sebastian Raschka's book "Build a Large Language Model (from Scratch)". The result was a pretty decent little model, but it wasn't as good as the original GPT-2-small, despite having more parameters (because it wasn't using weight-tying). Specifically: on a particular test set, my model gave a loss of 3.944 -- quite a lot more than the original GPT-2's 3.500 on...
Jeremy Kun · 10 · 2026-04-07 13:00
Deterministic Primality Testing for Limited Bit Width
Problem: Determine if a 32-bit number is prime (deterministically) Solution: (in C++) // Bases to test. Using the first 4 prime bases makes the test deterministic // for all 32-bit integers. See https://oeis.org/A014233. int64_t bases[] = {2, 3, 5, 7}; inline int countTrailingZeros(uint64_t n) { if (n == 0) return 64; return __builtin_ctzll(n); } int64_t modularExponentiation(int64_t base, int64_t exponent, int64_t modulus) { int64_t res = 1; int64_t b = base % modulus; int64_t e = exponent; ...
Linux Foundation Blogs · 8 · 2026-04-07 18:07
Introducing Project Glasswing: Giving Maintainers Advanced AI to Secure the World's Code
In the late fall of 2025, artificial intelligence models made a big leap in coding ability. Since then, we have been hearing about a darker side of this breakthrough — how the new generation of AI models are also astoundingly good at identifying previously undiscovered software vulnerabilities. These discoveries are impacting some of the most security-hardened systems in the world. What’s more, the AI systems making these discoveries demonstrate incredible sophistication, often chaining toget...
shkspr.mobi · 6 · 2026-04-07 11:34
Did WordPress VIP leak my phone number?
As discussed in my last blog post, the scumsuckers at Apollo.io have been giving out my personal details. Not only did they have my email address, they also had a copy of one of my phone numbers. I asked them where they got it from and they said: Your phone number came from Parsely, Inc (wpvip.com) one of our customers who participates in our customer contributor network by sharing their…