AI Security Advances, New Threats, and Robotic Industrial Applications

Here are today's top AI & Tech news picks, curated with professional analysis.

Warning

This article is automatically generated and analyzed by AI. Please note that AI-generated content may contain inaccuracies. Always verify the information with the original primary source before making any decisions.

Project Glasswing: An initial update

Expert Analysis

Anthropic's Project Glasswing is a collaborative effort aimed at securing critical software before increasingly capable AI models can be weaponized against it. The project has leveraged Claude Mythos Preview to identify over ten thousand high- or critical-severity vulnerabilities across the world's most systemically important software. While vulnerability discovery was once the limiting factor, the bottleneck has now shifted to the verification, disclosure, and patching of the vast number of vulnerabilities found by AI.

Initial results show significant impact, with partners like Cloudflare finding 2,000 bugs (400 high- or critical-severity) and Mozilla fixing 271 vulnerabilities in Firefox 150, a more than tenfold increase compared to findings with Claude Opus 4.6. Mythos Preview is also the first model to solve both of the UK's AI Security Institute's cyber ranges end-to-end and has demonstrated superior performance on benchmarks like XBOW and academic exploit development tests.

Anthropic has also scanned over 1,000 open-source projects, identifying an estimated 6,202 high- or critical-severity vulnerabilities. Of these, 1,752 have been assessed by independent security firms, with 90.6% confirmed as valid true positives. The project highlights that while finding vulnerabilities has become significantly easier with AI, the human capacity for triage, reporting, and patch development and deployment remains a critical bottleneck.

To address this, Anthropic has released Claude Security in public beta for Claude Enterprise customers, assisting teams in scanning codebases and generating proposed fixes. They have also launched a Cyber Verification Program, allowing security professionals to use their models for legitimate cybersecurity purposes without certain safeguards. Anthropic aims to release Mythos-class models more broadly in the future, once stronger safeguards against misuse are developed.

👉 Read the full article on Anthropic

  • Key Takeaway: AI models like Anthropic's Mythos Preview are dramatically accelerating the discovery of software vulnerabilities, shifting the cybersecurity bottleneck from finding bugs to the human capacity for verifying, disclosing, and patching them, necessitating faster patch cycles and enhanced defensive strategies.
  • Author: Editorial Staff

Thousands of people watched live as a robot sorted packages for hours without stopping. And perhaps that was the first viral broadcast of a machine learning to do human jobs better than us.

Expert Analysis

Figure AI captivated millions of viewers with a live stream showcasing humanoid robots sorting packages for hours on a conveyor belt. This demonstration shifted focus from spectacular feats like parkour or dancing to the practical ability of robots to perform real, repetitive work over extended periods. The robots autonomously executed tasks such as detecting barcodes, picking up boxes, and correctly rotating them on the conveyor belt for eight continuous hours.

The stream lasted over 24 hours, during which the robots sorted more than 30,000 packages without significant errors, with viewers even naming the robots Bob, Gary, and Frank, following the broadcast like a Twitch live stream. The key takeaway from this experiment was not merely the robot's ability to perform a single action, but its demonstrated endurance to maintain continuous work for hours, adapt to different package sizes, and recover from minor faults.

Figure AI claims its robots are approaching human performance, achieving approximately three seconds per package. The new Figure 03 robot utilizes an AI system called Helix-02, integrated with cameras, tactile sensors, adaptive hands, and an inductive charging system for near-continuous operation. The company's message is clear: the immediate future of humanoids lies not in serving coffee in smart homes, but in repetitive tasks within warehouses and factories.

A symbolic highlight of the demonstration was a 10-hour package sorting competition between a robot and a human employee, Aimé Gérard. The human won by a narrow margin of just 192 packages, prompting Figure AI founder Brett Adcock to declare, "This will be the last time a human wins." This experiment suggests that humanoid robotics is evolving from mere spectacle to a practical solution capable of replacing monotonous tasks for thousands of hours.

👉 Read the full article on Gizmodo en Español

  • Key Takeaway: Figure AI's viral live stream of humanoid robots sorting packages for extended periods demonstrated their practical endurance and near-human efficiency in repetitive tasks, signaling a shift towards real-world industrial applications for robotics rather than just spectacular demonstrations.
  • Author: Martín Nicolás Parolari

Blind Spots in the Guard: How Domain-Camouflaged Injection Attacks Evade Detection in Multi-Agent LLM Systems

Expert Analysis

This research identifies a systematic blind spot in injection detectors deployed to protect LLM agents. These detectors are typically calibrated on static, template-based payloads that explicitly announce themselves as override directives. However, when payloads are generated to mimic the domain vocabulary and authority structures of the target document, termed "domain-camouflaged injection," standard detectors fail to flag them.

Experiments demonstrated a significant drop in detection rates: from 93.8% to 9.7% on Llama 3.1 8B and from 100% to 55.6% on Gemini 2.0 Flash. This phenomenon is formalized as the "Camouflage Detection Gap (CDG)," defined as the difference in injection detection rate between static and camouflaged payloads. Across 45 tasks spanning three domains and two model families, the CDG was found to be large and statistically significant.

Furthermore, Llama Guard 3, a production safety classifier, detected zero camouflaged payloads (IDR_camouflage = 0.000), confirming that this blind spot extends beyond few-shot detectors to dedicated safety classifiers. The study also showed that multi-agent debate architectures amplify static injection attacks by up to 9.9x on smaller models, while stronger models exhibited collective resistance.

Targeted detector augmentation provided only partial remediation (10.2% improvement on Llama, 78.7% improvement on Gemini), suggesting that for weaker models, this vulnerability is architectural rather than incidental. The researchers have publicly released their framework, task bank, and payload generator to contribute to future research.
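As an added illustration (not code from the paper or from this digest), the following computes the Camouflage Detection Gap for a detector from its per-condition detection counts and runs a two-proportion z-test to check whether the gap is statistically significant, which is how a defender would evaluate their own injection detector. The counts are constructed sample data, not the paper's figures.

```python
import math
from dataclasses import dataclass


@dataclass
class DetectionRun:
    """Outcomes of one detector over injected inputs of a single payload style."""
    flagged: int  # injected inputs the detector flagged as injection
    total: int    # injected inputs presented

    def idr(self) -> float:
        """Injection detection rate: fraction of injected inputs that were flagged."""
        if self.total == 0:
            raise ValueError("no payloads evaluated")
        return self.flagged / self.total


def camouflage_detection_gap(static: DetectionRun, camouflaged: DetectionRun) -> float:
    """CDG = IDR_static - IDR_camouflage (the paper's definition)."""
    return static.idr() - camouflaged.idr()


def two_proportion_z(static: DetectionRun, camouflaged: DetectionRun) -> tuple[float, float]:
    """Two-sided two-proportion z-test on the two IDRs; returns (z, p_value)."""
    n1, n2 = static.total, camouflaged.total
    pooled = (static.flagged + camouflaged.flagged) / (n1 + n2)
    se = math.sqrt(pooled * (1 - pooled) * (1 / n1 + 1 / n2))
    if se == 0:
        return 0.0, 1.0  # both rates identical at 0 or 1: nothing to test
    z = (static.idr() - camouflaged.idr()) / se
    p_value = math.erfc(abs(z) / math.sqrt(2))  # two-sided tail probability
    return z, p_value


# Constructed sample counts (NOT the paper's data): 45 static and 45 camouflaged
# payloads shown to a hypothetical detector.
SAMPLE_STATIC = DetectionRun(flagged=42, total=45)
SAMPLE_CAMOUFLAGED = DetectionRun(flagged=4, total=45)


def evaluate(static: DetectionRun = SAMPLE_STATIC,
             camouflaged: DetectionRun = SAMPLE_CAMOUFLAGED) -> dict:
    """Summarise IDRs, the CDG and whether the gap is significant at alpha = 0.05."""
    z, p_value = two_proportion_z(static, camouflaged)
    return {
        "idr_static": round(static.idr(), 3),
        "idr_camouflage": round(camouflaged.idr(), 3),
        "cdg": round(camouflage_detection_gap(static, camouflaged), 3),
        "z": round(z, 2),
        "p_value": p_value,
        "significant": p_value < 0.05,
    }


if __name__ == "__main__":
    print(evaluate())
```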

👉 Read the full article on arXiv

  • Key Takeaway: Domain-camouflaged injection attacks, which mimic the target document's style, effectively bypass current LLM agent injection detectors and even dedicated safety classifiers like Llama Guard 3, revealing a significant "Camouflage Detection Gap" and an architectural vulnerability in weaker multi-agent LLM systems.
  • Author: Aaditya Pai
