Tag
#ai-security
5 posts tagged #ai-security.
-
Analysis · Jun 16, 2026 · Colten Anderson
A model was pulled for being too good at finding bugs
Anthropic shipped Claude Fable 5 and Mythos 5, then a federal directive killed both four days later. In May we forecast the patch window had gone negative; this is the first time a regulator reached for a kill switch to agree.
-
Analysis · May 24, 2026 · Colten Anderson
The patch window went negative. Now what?
Mandiant's mean time-to-exploit is negative seven days. NVD gave up on enriching most of the catalog. Here's what the next 24 months of patch management actually look like with AI on both sides.
-
Analysis · May 13, 2026 · Colten Anderson
Daybreak shipped without a single number of its own
OpenAI announced an end-to-end vulnerability detection and patching platform on May 12, then borrowed every performance figure from its predecessors. The borrowed figures don't help its case.
-
Analysis · May 3, 2026 · Colten Anderson
50 CVEs in 18 months is not a growing pain. It's a design choice the industry keeps making.
MCP went from unknown to default AI integration in under two years. The vulnerability count, the OWASP Top 10, and the simultaneous client failures tell a story about what happens when adoption is the only metric.
-
Analysis · May 1, 2026 · Colten Anderson
Anthropic's MCP gives every downstream app unauthenticated RCE, and they called it expected behavior
The Model Context Protocol's STDIO transport passes user input directly into subprocess execution with no sanitization. OX Security found 14+ CVEs across the ecosystem. Anthropic declined to patch.