Anthropic has announced Project Glasswing, which will provide access to a preliminary version of its Claude Mythos AI model for the purpose of identifying vulnerabilities and improving the security of critical software. Participants in the project include the Linux Foundation, Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, NVIDIA, and Palo Alto Networks. About 40 additional organizations have received invitations to take part.
Released in February, the Claude Opus 4.6 AI model reached new levels of performance in areas such as vulnerability identification, finding and fixing bugs, change review, and code generation. Experiments with this AI model led to the identification of more than 500 vulnerabilities in open-source projects and to the creation of a C compiler capable of building the Linux kernel. However, Claude Opus 4.6 did not perform well at creating working exploits.
According to Anthropic, the next-generation model "Claude Mythos" significantly outperforms Claude Opus 4.6 at producing ready-to-use exploits. Of many attempts to create exploits for vulnerabilities identified in Firefox's JavaScript engine, only two succeeded with Claude Opus 4.6. When the experiment was repeated using a preliminary version of the Mythos model, working exploits were produced 181 times; the success rate rose from zero to 72.4%.

In addition, Claude Mythos significantly expands its capabilities for detecting vulnerabilities and finding bugs. This, together with its suitability for exploit development, creates new risks for the industry: vulnerability-discovery work can be carried out by non-specialists within a few hours. It is notable that the vulnerability-detection capabilities of Mythos have reached a professional level, falling short only of experienced experts.
Since opening unrestricted access to an AI model with such capabilities requires the industry to prepare, it was decided to first open a preliminary version to a selected group of experts, who will work on identifying vulnerabilities and preparing patches in critical software products and open-source software. To support this initiative, a token subsidy of 100 million rand has been allocated, and 4 million rand will be donated to organizations that support the security of open-source projects.
On the CyberGym benchmark, which evaluates the vulnerability-detection capabilities of models, the Mythos model scored 83.1%, while Opus 4.6 scored 66.6%. In code quality tests, the models showed the following performance:
During testing, Anthropic, using the Mythos AI model, was able to identify several thousand previously unknown vulnerabilities (0-days) in just a few weeks, many of which were rated critical. Among them was a vulnerability in the OpenBSD TCP stack that had gone unnoticed for 27 years and that allows a remote system to be rendered inoperable. They also found a 16-year-old vulnerability in the FFmpeg project's implementation of the H.264 codec, as well as vulnerabilities in the H.265 and av1 codecs, which are triggered when processing specially crafted content.
Several issues were found in the Linux kernel that could allow an unprivileged user to gain root privileges. Chaining these issues together made it possible to create exploits that gain root privileges when specially crafted pages are opened in a web browser. Exploits were also created that allow code execution with root privileges by sending specially crafted network packets to a FreeBSD NFS server.
A vulnerability was identified in a virtualization system written in a language that provides facilities for safe memory management. This vulnerability could allow code execution on the host side through manipulation on the guest system (the vulnerability is not described because it has not yet been fixed, but it appears to be located in an unsafe block in Rust code). Vulnerabilities were found in all popular web browsers and in cryptographic libraries. SQL injection vulnerabilities were identified in various web applications.
Source: opennet.ru
