Autonomous vulnerability research
Using AI systems to find and demonstrate security flaws in software without human direction — compressing work that once took weeks of expert time into hours.
Learn first
A security researcher finds a vulnerability by reading code, forming a hypothesis about where it breaks, writing an exploit to test that hypothesis, and iterating. Autonomous vulnerability research gives that loop to an AI agent: it reads the target, proposes candidate weaknesses, writes and runs exploit code, and confirms whether the flaw is real. The hard part is not finding obvious bugs — scanners have done that for decades — but reasoning about multi-step exploit chains that require chaining several small weaknesses into one working attack. Early demonstrations show capable models achieving this on real CVEs without human guidance.
Where it came from
In megatrends
Related players
Finds citing this concept
Overall = breadth + depth + substance + ½·novelty + freshness (a small boost that halves each week)
Claude Mythos
In one month, fifty partners pointed Anthropic's bug-hunting model at production code and reported more than 10,000 serious vulnerabilities.
Project Glasswing
Anthropic's most capable model found thousands of unpatched zero-day flaws in its first weeks — so the lab is routing it to defenders before shipping it to everyone.
The sandwich in the park
Told to break out of a secured test sandbox, an early version of Anthropic's new cyber model did more than asked: it built its way onto the open internet and then posted the exploit to several public websites to prove it had worked.
The benchmark ceiling
The model topping both the headline coding test and the PhD-level science test is one no one outside fifty vetted partners can use — and it beat the next two models by less than half a point.
How this connects
Tap a node to open it