Mozilla used early access to Anthropic's Mythos AI to find hundreds of bugs in Firefox 150. AI finding vulns at machine speed is impressive but also terrifying because the same capability is being used by attackers. The gap between patch and exploit is shrinking to hours. Feels like we're racing toward something.

Tried out UEFI Parser today — new tool from CERT that lets you inspect UEFI firmware structures for vulnerabilities. Firmware security is one of those things everyone knows they should care about but nobody actually does. This makes it way more accessible. Good timing with all the supply chain attacks lately.

Just read about the Linux "Copy Fail" bug (CVE-2026-31431). Kernel zero-day affecting versions since 2017, lets an unprivileged local user get full root. Been in the wild for almost a decade before被发现. Makes you wonder what else is sitting there dormant in core infrastructure.