`Project Glasswing` reports 10k+ severe vulnerabilities found with `Mythos Preview`

AI-assisted security work has moved from finding bugs to verifying and patching them. Dependency risk will rise before fixes land, so watch critical packages closely.

[ KEY POINTS ]

About 50 partners used Claude Mythos Preview to find 10k+ high or critical vulnerabilities across core software.
Cloudflare found 2,000 bugs, including 400 high or critical, with a false-positive rate it judged better than human testers.
Disclosure lags discovery by 90 days, or about 45 days after patches. Public CVEs will trail model capability.
The practical bottleneck is now triage, disclosure, and patch rollout. Automated scans alone are not enough without update discipline.

Originalwww.anthropic.com/research/glasswing-initial-updateRead original →

// related

#0001
#0001Other r/MachineLearning2 days ago
Vision LLMs vs. OCR for PDF Q&A: OCR Still Wins on Cost and Accuracy
60radar
For complex PDF Q&A, vision LLMs are pricier and less accurate than OCR pipelines. Stick with OCR for better cost-performance and reliability.
- The native vision LLM approach was the most expensive at $0.2552/query and ranked 5th in accuracy (52.0%) out of six methods tested.
- Vision models underperformed on chart- and table-heavy pages, the very area they were expected to excel in. Premium OCR handled these better.
- The vision LLM had a 7% intrinsic failure rate that persisted after retries, while OCR-based pipelines showed 0% failure, indicating higher reliability.
Source: www.reddit.com/r/MachineLearning/comments/1tm0cqg/visionRead original →
60radar
PHOTO
FIG-0011:1
#0002
#0002Other GeekNews2 days ago
`Electrobun 2.0` to Split from `Bun` After Rust Rewrite
40radar
ElectrobunDesktop app framework — packages native apps with web tech
Desktop app runtime dependencies are changing, with less reliance on Bun. Useful only if you are evaluating Electron alternatives; otherwise low urgency.
- Electrobun 2.0 is moving toward a Rust rewrite and reduced Bun dependency, changing its runtime structure.
- The split was influenced by concerns that Anthropic lacks enough human review, staged rollout, and stabilization process.
- This is a niche signal for desktop app stacks: wait for migration notes before building production workflows on it.
Source: news.hada.io/topic?id=29815Read original →
FIG-0021:1
40radar
FIG-0021:1
#0003
#0003Other GeekNews2 days ago
`mimalloc`: Microsoft's High-Performance Drop-In `malloc` Replacement
40radar
mimallocMemory allocator — drop-in `malloc` replacement for speed
A no-code-change allocator swap can cut memory overhead and improve throughput in native workloads. Worth testing when hosting bills or latency are driven by allocation-heavy code.
- mimalloc works as a drop-in malloc replacement, so existing programs can adopt it without source changes.
- Claimed speedups: 13% faster than tcmalloc and over 2.5x faster than jemalloc in the cited comparison.
- The pitch is consistency across workloads, not winning one narrow benchmark. That matters for production services with mixed traffic.
Source: news.hada.io/topic?id=29812Read original →
FIG-0031:1
40radar
FIG-0031:1

`Project Glasswing` reports 10k+ severe vulnerabilities found with `Mythos Preview`

// related

Vision LLMs vs. OCR for PDF Q&A: OCR Still Wins on Cost and Accuracy

`Electrobun 2.0` to Split from `Bun` After Rust Rewrite

`mimalloc`: Microsoft's High-Performance Drop-In `malloc` Replacement