AI Sec Watch

Researchers discovered that AWS Bedrock AgentCore's Code Interpreter sandbox, which is supposed to isolate AI agents from external networks, could be bypassed using DNS tunneling (a technique that hides data inside DNS queries to leak information out of restricted environments). Additionally, they found a critical security flaw where the microVM Metadata Service (a system that provides credentials to running programs) lacked proper authentication, potentially allowing attackers to steal sensitive credentials through SSRF attacks (server-side request forgery, where a program is tricked into making requests on behalf of an attacker).

Anthropic released Claude Mythos, a new AI model with exceptionally strong cybersecurity research abilities, but restricted access to only a small group of preview partners through Project Glasswing instead of releasing it publicly. The model can autonomously develop complex exploits (attacks that chain multiple vulnerabilities together to break into systems), finding thousands of high-severity vulnerabilities in major operating systems and web browsers, which is a major leap forward compared to older models like Claude Opus 4.6.

The java-sdk has a DNS rebinding vulnerability (an attack where a hacker tricks your browser into accessing a private server by manipulating domain name resolution) that allows attackers to make tool calls to local or private MCP (model context protocol, a system for AI agents to interact with tools) servers if you visit a malicious website. This happens because the java-sdk wasn't validating the Origin header (a security check that confirms requests come from trusted sources) before version 1.0.0, violating the MCP specification.

OpenTelemetry-Go has a denial-of-service vulnerability where the library parses multiple `baggage` HTTP headers (a standard for distributed tracing metadata) separately instead of treating them as one combined value. An attacker can send many baggage header lines to force the server to waste CPU and memory on repeated parsing work, even though each individual header stays within size limits, causing high latency and excessive allocations per request.

Anthropic released Claude Mythos Preview, an advanced AI model that excels at finding security vulnerabilities (weaknesses in software), but is limiting access to a select group of companies through a program called Project Glasswing to prevent attackers from misusing it. The model can identify bugs that were previously hard to detect, including a 27-year-old bug in OpenBSD (an operating system focused on security), and Anthropic is working with U.S. government agencies to manage the risks of this powerful cybersecurity capability.

Anthropic announced Claude Mythos Preview, a powerful AI model capable of finding software vulnerabilities and developing exploits, alongside Project Glasswing, an industry consortium of over 40 major tech companies that will receive early access to test the model on their systems. The staggered release approach, modeled after coordinated vulnerability disclosure (the practice of giving developers time to patch bugs before public disclosure), aims to help organizations identify and fix security weaknesses before the model becomes widely available in the coming months.

Anthropic has developed a new AI model called Claude Mythos as part of Project Glasswing, an initiative aimed at securing critical software before it can be exploited by attackers. The model is framed as both a cybersecurity advance and a potential risk, since advanced AI capabilities could theoretically be misused if they fall into the wrong hands.

NVIDIA Triton Inference Server has a vulnerability (CVE-2026-24175) where an attacker can crash the server by sending a malformed request header, potentially causing a denial of service (disruption of normal service). The vulnerability stems from an uncaught exception (an error that the program doesn't handle properly), which allows attackers to exploit this weakness.

NVIDIA Triton Inference Server has a vulnerability (CVE-2026-24174) where an attacker can crash the server by sending a malformed request (a request with incorrect formatting), causing a denial of service (when a system becomes unavailable to legitimate users). The vulnerability stems from incorrect conversion between numeric types (the software not properly handling different number formats).