Attack of the killer script kiddies

The Verge / 4/28/2026

💬 OpinionSignals & Early TrendsIdeas & Deep Analysis

共有:

Key Points

In August at DARPA’s AIxCC in Las Vegas, top cybersecurity teams showcased AI-based bug-finding tools that scanned 54 million lines of real code seeded with artificial flaws.
The teams not only detected most of the injected bugs, but their automation also uncovered more than a dozen bugs DARPA said were not inserted.
The article frames these results as part of a broader shift toward AI-assisted security testing that can produce unexpected, real-world findings.
It connects this security “earthquake” theme to Anthropic’s recent Claude Mythos, describing the model as seemingly effective at finding vulnerabilities and raising the stakes for how attackers and defenders may use AI.
Overall, the piece suggests the next wave of cybersecurity dynamics may involve rapid, AI-driven discovery—potentially by both defenders and would-be attackers (“script kiddies”).

Last August, some of the best cybersecurity teams in the business gathered in Las Vegas to demonstrate the strength of their AI bug-finding systems at DARPA's Artificial Intelligence Cyber Challenge (AIxCC). The tools had scanned 54 million lines of actual software code that DARPA had injected with artificial flaws. The teams were capable enough to identify most of the artificial bugs, but their automated tools went beyond that - they found more than a dozen bugs that DARPA hadn't inserted at all.

Even before the security earthquake that Anthropic delivered this month with Claude Mythos - the new AI model that seems to find vulnerabilities …

Read the full story at The Verge.