blindthoughts
security-infra · By

AI Found the Kernel Bug. Your Red Team Didn't.

Autonomous vulnerability discovery just crossed a threshold: an AI model found and exploited a kernel-level flaw on Apple silicon, and the gap between "AI-assisted research" and "AI-automated attack" is narrowing faster than most organizations have planned for.

When the Model Finds the Zero-Day

Researchers used Anthropic's Mythos AI model to locate and exploit a kernel memory corruption vulnerability on Apple's M5. The practical exposure is anyone running macOS on Apple silicon — which now means a substantial share of the professional laptop market. Kernel memory corruption bugs typically require months of skilled human research to identify and weaponize. AI shortening that timeline changes the economics of zero-day development for everyone: legitimate researchers, nation-states, and criminals who can access similar tooling. Meanwhile, Security Now's coverage of OpenAI, Microsoft, and Google racing to build AI that hunts vulnerabilities at scale suggests this isn't a one-off demonstration — it's the opening of a new phase.

Chinese Telecom Espionage Gets a New Toolkit

A Chinese cyber-espionage campaign targeting Middle Eastern telecommunications providers has surfaced two new malware families: Showboat, a modular Linux post-exploitation framework that installs a SOCKS5 proxy backdoor, and JFMBackdoor for Windows. The campaign has been active since at least mid-2022 — a four-year dwell time that speaks to either patient collection or detection difficulty in telecom infrastructure. The modular design means static signature detection is largely irrelevant; defenders need behavioral baselines. Telecom remains the target class that keeps surfacing in state-sponsored intrusions precisely because persistent access to routing infrastructure is worth more than any single exfiltrated dataset.

Cisco's Perfect Ten

Cisco has patched a maximum-severity flaw in Cisco Secure Workload that grants Site Admin privileges without authentication — a CVSS 10.0 in a platform organizations deploy specifically to enforce workload segmentation. Full admin access here means an attacker can rewrite policy, disable enforcement, and observe east-west traffic across a data center environment. The irony of a microsegmentation product enabling lateral movement is pointed. If you run Secure Workload, this is not a "patch in the next cycle" situation.

Agentic AI Is Already in Production. Security Isn't.

New data from Orchid Security finds that 57% of identity-related assets are unmanaged and invisible to security tooling — what they call "identity dark matter." That baseline is now colliding with the reality that agentic AI systems are executing tasks, consuming data, and taking actions in production environments without meaningful security oversight. Most IAM frameworks were designed around human users with predictable session patterns. An autonomous agent that invokes APIs, spawns sub-agents, and persists state across tasks generates a completely different event signature — one that existing tooling mostly ignores. The deployment velocity is not slowing down to wait for the security frameworks to catch up.

Enforcement Is Moving, Too

On the defensive ledger, a joint international operation seized First VPN, a service used by ransomware operators to anonymize their infrastructure. Separately, INTERPOL's Operation Ramz arrested more than 200 individuals and seized 53 servers across the Middle East and North Africa. The coordination across different agencies and regions signals that threat actors are losing some of the geographic safe harbors they have historically relied on — a meaningful shift even if individual actors quickly reconstitute.

The throughline here is speed: AI is accelerating offensive research, agentic systems are being deployed before security controls exist for them, and attackers are adapting toolkits on multi-year timelines that defenders rarely detect in progress. Treating any of these as a future concern is already the wrong posture.

Share:𝕏inr/HN🦋@
Was this useful?