The following news items are from the NoVaLUG Tech News feed.

April 8, 2026 at 09:15 PM

Anthropic Announces Zero-Day Exploit Writing LLM

Anthropic has released a blog post stating that they have been using their new Mythos LLM for cybersecurity purposes, and have found that it is good at writing zero-day exploits.

According to Anthropic, the model was not designed with this capability, but the company has discovered that it is much better at this task than their other frontier models. The company states that they have disclosed many bugs in prominent open source operating systems and other software, but can only disclose about 1% of what they have found. An example in their blog post includes a 27-year-old bug in OpenBSD. The company has founded Project Glasswing to work with the industry on this problem, and has indicated that Mythos is not available to the general public.

April 8, 2026 at 09:04 PM

AI Finds 575+ Bugs in Python

Daniel Diniz has posted that he used a Claude Code plugin that has found, so far, over 575 confirmed bugs in Python C extensions.

Unlike the AI slop PRs infesting many open source project issue trackers, Daniel appears to have used AI with a custom test harness that appears to have found issues more often than not.

Daniel also approached each maintainer with bug reports tailored to their specific project needs and style, demonstrating how AI can be used to correctly report bugs.

March 4, 2026 at 09:47 PM

Brazil Requires Age Verification But Forbids Collection Of Personal Data in 12 Days

On the heels of the sudden realization that stupid and obnoxious age verification laws have been passed in both California and Colorado, it has now come to light that Brazil passed an age verification law on 17 September last year. The law goes into enforcement 180 days after passage – 16 March 2026 or 12 days as of this writing.

The law intends to be a comprehensive protection for minors with online and computer services but includes operating systems. Even further, the law prohibits the use of “personal data” of a minor, of which a minor’s age is considered personal data.

It seems the tech community is just now coming to grips with these stupid laws as many were unaware of them. As reported earlier, some open source operating systems have altered their licenses to forbid their use in California. Others have suggested specific “spins” only for age-verification regions.

February 28, 2026 at 11:57 PM

MidnightBSD Forbids Use by Californians

Responding to the new California Law, AB1043, which threatens developers of Open Source operating systems with fines if they do not implement an age verification mechanism, MidnightBSD has modified their license to exclude use by Californians starting Jan 1, 2027.

While California is the first state to enact age-verification mandates at the OS-level, Colorado recently passed a similar law.

February 28, 2026 at 11:46 PM

OpenClaw Wipes the Inbox of Meta AI Director

Summer Yue, Director of Alignment for Meta’s Super Intelligence Lab, had her email inbox wiped, Hillary Clinton style, by OpenClaw. Lacking any intelligence of her own, she asked OpenClaw to flag any emails that should be deleted but to ask for permission before deleting them. However, OpenClaw decided to operate on the “it is better to get forgiveness than permission” plan.

February 25, 2026 at 12:03 PM

Democrats Infringe on Open Source, Legislate Spyware

Adafruit, the maker-focused electronics design house and manufacturer based in New York, keeps finding that it needs to defend open source from busybody politicians. Last month, the outwardly non-political, tech-focused company spoke out against New York Mayor Mamdani’s misinformed actions against Raspberry Pis.

Now Adafruit is speaking out against proposed legislation in Democratically-controlled Colorado that would require Linux and other open source operating systems to implement unsound age-verification practices. The Electronic Frontier Foundation maintains a website on the perils of age-verification technology.

Adafruit’s blog post also points out other recent challenges to makers and 3D printing, highlighting legislation in the Democratically-controlled states of New York and California that would limit 3D printers from printing parts that are somehow deemed usable in firearms. Adafruit is correct in asserting that such laws do not work, infringe on other uses of 3D printing technology, and drive up the costs and legal risks for maker-focused manufacturers and hobbyists.

February 11, 2026 at 03:44 PM

Hundreds of Malicious OpenClaw Skills Discovered

OpenClaw is a self-hosted personal AI assistant that is all the rage lately. However, its centralized skills repository, ClawHub, has been found to host 314 malicious AI skills intended for use in malware campaigns and other compromises.

Indications are that the malicious AI skills uploaded to ClawHub are not just one-off attacks but are a “systemic threat” to OpenClaw and ClawHub.

These AI skills appear to be legitimate agents, but are intended to exfiltrate data, install backdoors, and execute other compromises.

As predicted, OpenClaw is an opsec nightmare.

February 11, 2026 at 03:33 PM

237 Repos Hit with AI Hallucinated NPM Vulnerability

Charlie Eriksen of Aikido Security discovered an npx command that was hallucinated by Artificial Intelligence and found its way into 237 GitHub repositories.

The command, “npx react-codeshift”, has never existed, yet it replicated in so many code bases due to AI hallucinations.

The package for the command did not exist, so Charlie claimed the package before a bad actor could, thus preventing what could have been a very damaging exploit.

This incident highlights the need for humans to double check the output of AI.
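One way to do that double check mechanically, as an added example that is not part of the original news item: list every package name that `npx` is asked to run in a README or script and flag the ones the project's package.json does not declare. The function names and sample inputs are constructed for illustration; a flagged name is only a prompt for a human to confirm the package exists and is the one intended.

```javascript
// Added example, not from the original article. Sample inputs below are constructed.
function stripVersion(spec) {
  const at = spec.lastIndexOf("@"); // keep the leading @ of a scoped name
  return at > 0 ? spec.slice(0, at) : spec;
}

// Collect the package name npx would try to resolve for each invocation.
function extractNpxPackages(text) {
  const found = new Set();
  for (const line of text.split(/\r?\n/)) {
    const tokens = line.trim().split(/\s+/);
    for (let i = 0; i < tokens.length; i++) {
      if (tokens[i].replace(/^[`$"'(]+/, "") !== "npx") continue;
      let explicit = false; // set once -p/--package has named the package
      for (let j = i + 1; j < tokens.length; j++) {
        const t = tokens[j].replace(/[`"')]+$/, "");
        if (t === "-p" || t === "--package") {
          const v = (tokens[++j] || "").replace(/[`"')]+$/, "");
          if (v) found.add(stripVersion(v));
          explicit = true;
        } else if (!t.startsWith("-")) {
          // First positional is the command; local paths are not registry names.
          if (!explicit && t && !/^[./]/.test(t)) found.add(stripVersion(t));
          break;
        } // anything else is a boolean flag such as -y / --yes
      }
    }
  }
  return [...found];
}

// Names run through npx that package.json does not declare: check these by hand.
function undeclaredNpxPackages(text, pkgJson) {
  const declared = new Set([
    ...Object.keys(pkgJson.dependencies || {}),
    ...Object.keys(pkgJson.devDependencies || {}),
  ]);
  return extractNpxPackages(text).filter((name) => !declared.has(name));
}

const SAMPLE_DOC = [
  "$ npx react-codeshift --transform rename.js src/",
  "$ npx --yes jscodeshift@latest -t rename.js src/",
  "$ npx -p @angular/cli ng new demo",
  "$ npx ./scripts/local-tool.js",
].join("\n");
const SAMPLE_PKG = { devDependencies: { jscodeshift: "*" } };
console.log(undeclaredNpxPackages(SAMPLE_DOC, SAMPLE_PKG));
```

A command whose binary name differs from its package name is flagged as well, so the output is a review list rather than a verdict.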

February 1, 2026 at 11:19 PM

ISP Goes Bankrupt Because Rats Keep Chewing Through Their Fiber

UK internet service provider G.Network has gone bankrupt in part because rats keep chewing through their fiber optic cables made with biodegradable sheathing composed of soy and corn substances.

FitzWalter Capital, the private equity firm that owns G.Network, was attempting to unload the business on Community Fibre. However, Community Fibre backed out of the deal upon learning of G.Network’s underground rodent snacks.

January 30, 2026 at 01:19 PM

Cloudflare Makes a Post-Quantum Matrix Server

Ok. Cloudflare did not do it, but one of their employees did it as a side-project and the results are impressive.

Nick Kuntz ported the Matrix server Synapse to Cloudflare infrastructure, making it serverless. As a side benefit, every connection to this Cloudflare-hosted Matrix home server can take advantage of post-quantum cryptography.

The code is available on GitHub under the MIT license.