
Accelerating Vulnerability Discovery with AI
Artificial Intelligence (AI) is accelerating the discovery of vulnerabilities, the generation of exploits, and the development of patches.
Vulnerability Discovery
The new Claude Mythos Preview AI model has reportedly uncovered and created exploits for thousands of previously unknown, critical, and unpatched vulnerabilities affecting major operating systems. As a result, we are now expecting significant security updates to address these issues.
AI-assisted security researchers recently identified a Linux vulnerability in just one hour, and its public disclosure, complete with exploit code, prompted immediate action to detect and respond. If you manage your own Linux systems, refer to the Information Security Office (ISO) guidance for mitigating this active vulnerability.
What this means
As AI gets better at detecting vulnerabilities, expect the following:
- There will be less time between vulnerability disclosure and exploitation.
- Vendors will release critical patches more frequently, leading to unexpected service unavailability.
- You will need to patch systems and applications more frequently.
- Over time, improved tools will enhance the software development process.
Stay safe
Securing university resources is a responsibility shared by all campus members. As always, take charge of your technology by following the security guidance below.
- Keep operating systems and applications up to date, and enable auto-update.
- Promptly restart when updates require it.
- Faculty and staff should install CrowdStrike on CMU-owned computers that access restricted data or support university operations, if it hasn't already been installed.
- Do not attempt to exploit vulnerabilities on systems you are not responsible for, as this violates the Computing Policy.
- Report concerns to the Information Security Office (ISO) at 412-268-2044 or iso-ir@andrew.cmu.edu.