Anthropic's restricted Claude Mythos Preview model autonomously discovered thousands of high-severity vulnerabilities across every major OS and browser, including bugs hiding in plain sight for 27 years.
Microsoft's March 2026 Patch Tuesday fixes 84 vulnerabilities including a CVSS 9.8 RCE discovered by XBOW's autonomous AI agent, an Azure MCP Server SSRF, and an Excel XSS that hijacks Copilot to exfiltrate data.
Claude Opus 4.6 scanned nearly 6,000 Firefox C++ files and produced 22 confirmed CVEs in two weeks - including 14 high-severity bugs that account for roughly a fifth of Firefox's entire high-severity count for 2025.
Anthropic's Claude Opus 4.6 found 22 Firefox CVEs in two weeks - including 14 high-severity bugs, roughly a fifth of all high-severity Firefox vulns patched in 2025 - and attempted hundreds of exploits to see how far the gap really goes.
Truffle Security found 2,863 public Google API keys that silently gained access to Gemini AI endpoints, exposing private data and racking up charges with no warning to developers.
A security researcher found that the mcp-kali-server package - shipped in Kali's official repos - interpolates AI-supplied parameters directly into shell commands with shell=True, enabling trivial arbitrary command execution.
ZDI-26-124 discloses a critical command injection vulnerability in the claude-hovercraft tool's executeClaudeCode function, scoring CVSS 9.8 with no authentication required.
Check Point Research disclosed three vulnerabilities in Anthropic's Claude Code CLI that allowed remote code execution and API key theft through malicious project configuration files - all triggered before trust prompts appeared.
OpenClaw's GitHub security advisories jumped from ~90 to 130 in 48 hours. With 40,000+ exposed instances, a poisoned plugin marketplace, and malware targeting Mac Minis, the most popular personal AI agent is also the most dangerous.
A systematic security audit of Claude Code, Codex, Cursor, Replit, and Devin found 69 vulnerabilities in 15 test applications - zero CSRF protection, zero security headers, and SSRF in every single tool.
Anthropic's new Claude Code Security tool found 500+ zero-day vulnerabilities in open-source projects. CrowdStrike dropped 8%, Okta 10%. The cybersecurity industry is not having a good day.
