Open-Source Software Projects Expose 23,000 Vulnerabilities


Critical Vulnerabilities Found in Over 1,000 Open Source Software Projects

Anthropic researchers have conducted extensive scans using the Claude Mythos model and discovered a substantial number of severe vulnerabilities in over 1,000 open-source software (OSS) projects.

  • **23,000 potential vulnerabilities detected**: Using their advanced model, the team identified over 23,000 potential vulnerabilities, with approximately 1,900 reviewed by external security firms and 1,726 confirmed.
  • **High and critical severity**: A significant portion of these vulnerabilities have been rated “high” or “critical” in severity, with the company estimating that nearly 3,900 critical and high-severity vulnerabilities will be confirmed based on current findings.
  • **Ongoing scans may reach up to 6,200 severe vulnerabilities**: This number may rise further as the scans are ongoing, potentially reaching as high as 6,200 severe vulnerabilities.

According to Anthropic, more than 1,100 unverified findings have been shared with vendors, and 75 issues with a critical or high severity rating have been patched. Vendors have issued 65 security advisories, although the rate of patches remains relatively low due to various factors, including the time frame set forth in the company’s coordinated vulnerability disclosure policy.

The majority of the vulnerabilities are confined to OSS projects, with the AI company conducting most of the scanning. However, several organizations that have access to Mythos Preview through Project Glasswing have reported positive test results, such as:

  • **Mozilla**: Discovered 271 Firefox vulnerabilities with the aid of Mythos.
  • **Palo Alto Networks**: Found dozens of flaws with the help of Mythos.

Experts note that the effectiveness of Mythos varies from project to project: in Curl, for example, it found only one low-severity vulnerability. Despite this, the overall impact of the discoveries has been significant, highlighting the importance of thorough vulnerability assessment and timely patching in preventing potential exploitation.

As the use of AI-powered vulnerability discovery continues to grow, organizations must remain vigilant in addressing these emerging threats to ensure the security and integrity of their systems. By acknowledging the challenges posed by these vulnerabilities, companies can take proactive steps to mitigate risks and maintain a robust defense against potential attacks.

