Jiraaf launches bond research reports to make retail bond investing clearerThe Jiraaf bond research reports help answer a basic but important question: Is this bond worth investing in at the given rate of return? Published on: Apr 14, 2026 12:04 PM IST By HT Brand Studio Share via Copy link For
Kitten custody issue sparks catfight between Bengaluru neighbours, cops step in to settle disputeA dispute involving pet cats escalated into a full-blown ‘catfight’ between neighbours in Bengaluru, eventually forcing cops to step in to restore the peace. Updated on: Apr 14
It is 10 years since the day that changed James Taylor's life forever. Having been taken ill during a pre-season match for Leicestershire against Cambridge University, the England international batter drove back to Nottingham for a hastily arranged doctor appointment he hoped would clear up the
Light falls on a hand-sculpted pedestal with two busts, backs to each other. Below one is the inscription “Dr Rohith Vemula”, a reminder of the unfulfilled dream of the doctoral scholar who died by suicide at the Hyderabad Central University in January 2016
Sunrisers Hyderabad (SRH) pace bowling coach Varun Aaron praised the two debutants, Praful Hinge and Sakib Hussain, and said their performance against Rajasthan Royals (RR) on Monday was "a dream come true for the team," after the bowlers handed SRH a 57-run win by taking four wickets each
AI Is Finding Bugs That Hackers Can Exploit
AI Is Finding Bugs That Hackers Can Exploit. Get Ready for Bugmageddon.
AI Is Finding Bugs That Hackers Can Exploit. Get Ready for Bugmageddon.
The White House and industry leaders are racing to fix vulnerabilities, which AI models such as Anthropic’s Mythos can discover with frightening speed.
Published on: Apr 14, 2026 11:15 AM IST WSJ Share via Copy link The software bug was capable of crashing an operating system used by firewalls, servers and network appliances. It went undetected for over 27 years. Logan Graham, facing forward, with Anthropic colleagues who evaluate AI for risks. Last month, it was caught by Mythos, the latest AI model from Anthropic that has spooked the White House, banking executives and cybersecurity professionals around the world. Welcome to the bug armageddon. AI models like Mythos and others are finding bugs in older software at a rate never seen before. While most of the coding issues may be minor, their sheer volume has amplified the risk that smaller software developers will become overwhelmed with reports of bugs such as the one Mythos found. Thanks to AI, hackers will be able to leverage those bugs more quickly than ever before. The 1998 bug in the OpenBSD operating system was one of thousands Mythos found last month. Anthropic said last week that it is working with about 50 technology companies and organizations to find and fix bugs and currently has no plans to release Mythos to the general public. “We need to know that we can release it safely, and it’s not exactly clear how we can do that with full confidence,” said Logan Graham, the head of Anthropic’s Frontier Red Team, which evaluates AI for risks. Anthropic’s rival, OpenAI, is developing a similar campaign, offering a security-focused version of its product to developers so they can patch systems before these bugs are discovered by criminals, according to a person familiar with the company’s plans. Google also has an early access initiative for developers in the works, the company said. Mythos has set off a scramble among technology employees inside major companies, as many have tried to understand how the new model could upend cybersecurity and expose a range of new threats to their products. Numeric, an AI accounting automation platform based in San Francisco, recently kicked off a discussion of its risks in a cybersecurity Slack channel. “Well, this will be interesting,” one executive wrote. Some of the greatest risks to companies, Numeric co-founder Anthony Alvernaz said, will likely come from dependencies on so-called “open-source” tools built collaboratively, often by volunteers who may not have the resources to quickly triage bug reports. That infrastructure underpins much of the modern internet, he said. “The code a company writes is almost like the top layer of a cake, and underneath are all of these layers” of open-source software, he said. When he heard about Mythos finding an old OpenBSD bug, security researcher Niels Provos wondered if he had been the one who had made the mistake when he wrote some code for OpenBSD 27 years ago while obtaining his Ph.D. from the University of Michigan. A quick check confirmed his suspicions. “To be honest, I just thought it was hilarious. Because it’s code that is so old,” said Provos, formerly head of security with the payments company Stripe. “Who knows then the last time a human even looked at it.” Security researcher Niels Provos. For humans to find and exploit a bug like this would typically require countless hours of research. Most hackers wouldn’t have even looked at Provos’s old code, assuming that it had been picked over for bugs, Provos said. “Previously there were only a handful of people that could do this,” he said. “Now, with these tools, the skill that you need to develop really sophisticated exploits has gone way down.” Mythos found the bug—along with several dozen other issues—while burning about $20,000 of computing power over a two-day period, Anthropic said. Over the past few weeks, Mythos has also proved to be better at writing code that can exploit those vulnerabilities, Anthropic said. Today, most cyberattacks don’t involve previously undiscovered vulnerabilities, known as zero days. Hackers more often break into companies using previously discovered bugs, or by stealing login credentials or using social engineering techniques. Also, most corporations have other strategies in place to mitigate cyberattacks even if an individual computer is hacked. Earlier this year, Anthropic’s software discovered more than 100 bugs in the Firefox browser, and it was even able to write code that could exploit one of these bugs in a test version of the browser. In the real world, Firefox had other security mitigations that would have stopped the attack, which would have made more work for real-world hackers. The cybersecurity capabilities of the latest AI models have won over skeptics over the past few months. They have started to worry that patching a massive and growing number of bugs will lead to an unprecedented logistical challenge—the AI equivalent of Y2K, a worldwide effort to patch programs around the world that couldn’t comprehend a year after 1999. The Y2K warnings were dire, but the technological fixes largely worked. Many cybersecurity professionals believe the AI bug armageddon could play out along similar lines, but successfully patching thousands of vulnerabilities in all kinds of software will take a monumental effort, they say. Top White House officials including National Cyber Director Sean Cairncross are racing to address the threat Mythos and other models pose, working to identify weaknesses in government and coordinate the private sector response. Investors worry that these changes could upend the software industry, and shares of cybersecurity companies dropped last week. Most companies are getting better at patching critical bugs, but AI is driving up the sheer volume of reported bugs and patching everything is taking longer, according to HackerOne, which helps companies triage bug reports. Bug submissions are up 76% from last year and the average time to fix a bug has jumped from 160 days to 230 days during the same period, according to the company. Companies also worry that previously ignored technology products might now become targets, and that, unlike the tech giants, the companies or software developers who build these more obscure products might not have the resources to manage the patching onslaught. “It will get a lot easier to attack random pieces of infrastructure that no one was attacking before,” said Thomas Ptacek, a security researcher who is a principal at the cloud computing company Fly.io. Sergej Epp got his taste of this phenomenon in February. The chief information security officer at the cybersecurity company Sysdig, he hadn’t even tried to find a bug in a decade. But playing around with Anthropic’s software, he was quickly able to find a number of security issues. At a cybersecurity conference two weeks later, he unveiled a vibe-coded website that used publicly available data to show how quickly AI tools were turning new bugs into software that could be used in attacks. Modeling it on the Bulletin of the Atomic Scientists nuclear-destruction warning Doomsday Clock, he called it the Zero-Day Clock. Every piece of software has flaws, he said, and when a bug is discovered a race begins between hackers and people looking to patch the flaws, he says. It’s a long running race between attackers and defenders. Eight years ago, the average time between a bug’s public disclosure and an attack was 847 days, he said. Last year that dropped to 23 days. This year, most were exploited within a day. The website calls on the tech industry to fundamentally reboot the way it builds software. “AI is giving superpowers to hackers, not to defenders,” Epp said. Write to Robert McMillan at robert.mcmillan@wsj.com and Chip Cutter at chip.cutter@wsj.com Operating System Software Bug Home/Technology/AI Is Finding Bugs That Hackers Can Exploit. Get Ready For Bugmageddon. See Less Home/Technology/AI Is Finding Bugs That Hackers Can Exploit. Get Ready For Bugmageddon.The software bug was capable of crashing an operating system used by firewalls, servers and network appliances. It went undetected for over 27 years.
Last month, it was caught by Mythos, the latest AI model from Anthropic that has spooked the White House, banking executives and cybersecurity professionals around the world.
Welcome to the bug armageddon. AI models like Mythos and others are finding bugs in older software at a rate never seen before.
While most of the coding issues may be minor, their sheer volume has amplified the risk that smaller software developers will become overwhelmed with reports of bugs such as the one Mythos found. Thanks to AI, hackers will be able to leverage those bugs more quickly than ever before.
The 1998 bug in the OpenBSD operating system was one of thousands Mythos found last month. Anthropic said last week that it is working with about 50 technology companies and organizations to find and fix bugs and currently has no plans to release Mythos to the general public.
“We need to know that we can release it safely, and it’s not exactly clear how we can do that with full confidence,” said Logan Graham, the head of Anthropic’s Frontier Red Team, which evaluates AI for risks.
Anthropic’s rival, OpenAI, is developing a similar campaign, offering a security-focused version of its product to developers so they can patch systems before these bugs are discovered by criminals, according to a person familiar with the company’s plans. Google also has an early access initiative for developers in the works, the company said.
Mythos has set off a scramble among technology employees inside major companies, as many have tried to understand how the new model could upend cybersecurity and expose a range of new threats to their products.
Numeric, an AI accounting automation platform based in San Francisco, recently kicked off a discussion of its risks in a cybersecurity Slack channel. “Well, this will be interesting,” one executive wrote.
Some of the greatest risks to companies, Numeric co-founder Anthony Alvernaz said, will likely come from dependencies on so-called “open-source” tools built collaboratively, often by volunteers who may not have the resources to quickly triage bug reports. That infrastructure underpins much of the modern internet, he said.
“The code a company writes is almost like the top layer of a cake, and underneath are all of these layers” of open-source software, he said.
When he heard about Mythos finding an old OpenBSD bug, security researcher Niels Provos wondered if he had been the one who had made the mistake when he wrote some code for OpenBSD 27 years ago while obtaining his Ph.D. from the University of Michigan. A quick check confirmed his suspicions.
“To be honest, I just thought it was hilarious. Because it’s code that is so old,” said Provos, formerly head of security with the payments company Stripe. “Who knows then the last time a human even looked at it.”
For humans to find and exploit a bug like this would typically require countless hours of research. Most hackers wouldn’t have even looked at Provos’s old code, assuming that it had been picked over for bugs, Provos said.
“Previously there were only a handful of people that could do this,” he said. “Now, with these tools, the skill that you need to develop really sophisticated exploits has gone way down.”
Mythos found the bug—along with several dozen other issues—while burning about $20,000 of computing power over a two-day period, Anthropic said.
Over the past few weeks, Mythos has also proved to be better at writing code that can exploit those vulnerabilities, Anthropic said.
Today, most cyberattacks don’t involve previously undiscovered vulnerabilities, known as zero days. Hackers more often break into companies using previously discovered bugs, or by stealing login credentials or using social engineering techniques. Also, most corporations have other strategies in place to mitigate cyberattacks even if an individual computer is hacked.
Earlier this year, Anthropic’s software discovered more than 100 bugs in the Firefox browser, and it was even able to write code that could exploit one of these bugs in a test version of the browser. In the real world, Firefox had other security mitigations that would have stopped the attack, which would have made more work for real-world hackers.
The cybersecurity capabilities of the latest AI models have won over skeptics over the past few months. They have started to worry that patching a massive and growing number of bugs will lead to an unprecedented logistical challenge—the AI equivalent of Y2K, a worldwide effort to patch programs around the world that couldn’t comprehend a year after 1999. The Y2K warnings were dire, but the technological fixes largely worked.
Many cybersecurity professionals believe the AI bug armageddon could play out along similar lines, but successfully patching thousands of vulnerabilities in all kinds of software will take a monumental effort, they say.
Top White House officials including National Cyber Director Sean Cairncross are racing to address the threat Mythos and other models pose, working to identify weaknesses in government and coordinate the private sector response.
Investors worry that these changes could upend the software industry, and shares of cybersecurity companies dropped last week.
Most companies are getting better at patching critical bugs, but AI is driving up the sheer volume of reported bugs and patching everything is taking longer, according to HackerOne, which helps companies triage bug reports. Bug submissions are up 76% from last year and the average time to fix a bug has jumped from 160 days to 230 days during the same period, according to the company.
Companies also worry that previously ignored technology products might now become targets, and that, unlike the tech giants, the companies or software developers who build these more obscure products might not have the resources to manage the patching onslaught.
“It will get a lot easier to attack random pieces of infrastructure that no one was attacking before,” said Thomas Ptacek, a security researcher who is a principal at the cloud computing company Fly.io.
Sergej Epp got his taste of this phenomenon in February. The chief information security officer at the cybersecurity company Sysdig, he hadn’t even tried to find a bug in a decade. But playing around with Anthropic’s software, he was quickly able to find a number of security issues.
At a cybersecurity conference two weeks later, he unveiled a vibe-coded website that used publicly available data to show how quickly AI tools were turning new bugs into software that could be used in attacks. Modeling it on the Bulletin of the Atomic Scientists nuclear-destruction warning Doomsday Clock, he called it the Zero-Day Clock.
Every piece of software has flaws, he said, and when a bug is discovered a race begins between hackers and people looking to patch the flaws, he says. It’s a long running race between attackers and defenders.
Eight years ago, the average time between a bug’s public disclosure and an attack was 847 days, he said. Last year that dropped to 23 days. This year, most were exploited within a day.
The website calls on the tech industry to fundamentally reboot the way it builds software.
“AI is giving superpowers to hackers, not to defenders,” Epp said.
Write to Robert McMillan at robert.mcmillan@wsj.com and Chip Cutter at chip.cutter@wsj.com
Source: HindustanTimes
Related Posts: Are Bugs The Next Space Superfood Apple iOS 26 bugs frustrate users Apple iOS 26 bugs frustrate users Minecraft 1.21.9 Release Candidate fixes key bugs What hospitals are not telling you about killer bugs in their wards Both ruling and opposition alliances finding it difficult to close seat-sharing arrangements IIT-Delhi sets fact-finding panel after row over conference on caste and race Finding Racing Lines In India’s Motorsport Landscape Finding an Aadhaar center has become super easy how finding oil changed the Persian Gulf’s ecology
Popular YouTuber Ranveer Allahbadia has officially confirmed his relationship with actor-influencer Juhi Bhatt. The couple was spotted by the paparazzi as they attended the IPL match between Mumbai Indians (MI) and Royal Challengers Bengaluru (RCB) at Wankhede Stadium, held on April 12
43 minutes ago
The Congress leaders' remarks come a day after Congress Parliamentary Party chairperson Sonia Gandhi asserted that the real issue with the government's move to bring bills in a special sitting of Parliament is delimitation, not women's reservation. New Delhi
43 minutes ago
Police in Greece have been recruiting migrants to violently push other migrants back across its land border with Turkey, according to wide-ranging evidence uncovered by the BBC. We have seen internal police documents in which guards describe how the recruitment of so-called mercenaries was ordered
43 minutes ago
An under-construction house linked to the main accused person in the killing of a 26-year-old man in Delhi’s Uttam Nagar on Holi was partially demolished by the municipal corporation on Monday, before the Delhi High Court temporarily halted further action, Bar and Bench reported
43 minutes ago
Heart surgeon with 25 years of experience explains why getting early morning sunlight is important for overall healthAccording to Dr London, waking up early and soaking in the early morning sun is one of the best habits you can adopt. He explains three reasons why. Published on: Apr 14
43 minutes ago
Editorial independence is core to our work. Some links may earn us a commission, without influencing our opinions.My 1.5-ton AC struggled to cool my living room, so I switched to a 2-ton AC — but there’s a catchMy 1.5-ton AC couldn’t cool my living room, so I upgraded to a 2-ton model
43 minutes ago
More than 1,400 actors, directors and filmmakers - including scores of Hollywood stars - have signed an open letter opposing the proposed merger of film studios Paramount and Warner Bros Discovery. The letter, signed by Emma Thompson, Ben Stiller, Javier Bardem and Rose Byrne
43 minutes ago
PM Narendra Modi’s schedule begins with a review of the wildlife passage on the elevated stretch of the Delhi-Dehradun Expressway, followed by the official inauguration Prime Minister Narendra Modi will on Tuesday inaugurate the Delhi-Dehradun expressway
43 minutes ago
As seasons shift, so does the body’s ability to adapt. For many, this transition brings with it a familiar cycle, recurring colds, allergies, fatigue, or flare-ups of existing conditions. While these are often dismissed as inevitable responses to weather changes
43 minutes ago
Love Horoscope Today for April 14, 2026: A phase in your love life may come to an endLove Horoscope Today: Find daily astrological predictions for all sun signs. Updated on: Apr 14, 2026 7:30 AM IST By Kishori Sud Share via Copy link Aries Love Horoscope Today Love Energy: Stability and commitment
43 minutes ago
For the 35-odd families of Nelangur — a remote hilly village deep inside Abujhmad forests in Chhattisgarh’s Narayanpur district — summer ordeal of travelling long distances for water may be a thing of the past. Once a Maoist stronghold, the village on the Chhattisgarh-Maharashtra border and
43 minutes ago
MP Board Result 2026 Date, Time: MPBSE 10th, 12th results releasing on April 15 at 11 amMP Board Result 2026 Date, Time has been announced. The MPBSE 10th, 12th results will be declared on April 15 at 11 am. Updated on: Apr 14, 2026 11:39 AM IST By HT Education Desk | Edited by Papri Chanda Share
43 minutes ago
The funeral of legendary Indian singer Asha Bhosle has taken place in Mumbai, a day after she died at the age of 92. The two-time Grammy nominee was cremated at the city's Shivaji Park on Monday with full state honours. The ceremony was attended by celebrities and politicians
43 minutes ago
The International Monetary Fund, World Bank and International Energy Agency on Monday (April 13, 2026) urged countries to avoid hoarding energy supplies and imposing export controls that could worsen what they called the biggest shock ever to the global energy market
43 minutes ago
HDFC Bank revamps Regalia Gold Credit Card: What’s good, what’s notThe changes to HDFC Bank Regalia Gold Credit Card and whether they are good or bad for the cardholders. Published on: Apr 14, 2026 11:54 AM IST By Gopal Gidwani Share via Copy link Since the start of 2026
43 minutes ago
FBI’s post on Indian student Mayushi Bhagat who went missing in 2019 makes internet ask ‘Why now’According to the FBI, Mayushi Bhagat has been missing since 2019. Updated on: Apr 14, 2026 11:06 AM IST By Trisha Sengupta Share via Copy link A tweet shared by the FBI about Mayushi Bhagat has
43 minutes ago
Trinamool Congress leader Derek O'Brien accused the Centre of "mocking Parliament" over the women's reservation and delimitation bills. He stated that lawmakers have not yet received the draft legislation, despite Parliament convening soon. The Union Cabinet has cleared draft bills to reserve 273
43 minutes ago
A tanker previously sanctioned by the United States and linked to China has passed through the Strait of Hormuz, becoming an early test of Donald Trump’s newly imposed naval blockade targeting Iran’s oil trade, Reuters reported on Tuesday. The vessel, Rich Starry, earlier known as Full Star
43 minutes ago
Pisces Horoscope Today for April 14, 2026: A practical conversation may help more than a dramatic pushPisces Horoscope Today: Quiet strengths are more useful than showy ones now. Updated on: Apr 14, 2026 11:03 AM IST By Ishita Kotiya Share via Copy link Pisces (Feb 20-Mar 20) Daily Horoscope
43 minutes ago
After leak, Vijay’s final film Jana Nayagan airs illegally on a local cable channelVijay’s final film, Jana Nayagan, was aired on a local cable channel on April 11 despite it awaiting clearance from the Central Board of Film Certification. Apr 14, 2026
43 minutes ago
In a packed concert venue on Sunday, New York City's youngest mayor in over a century took the stage to tout his achievements during his first 100 days in office. Thousands gathered at the Knockdown Center, a former factory in Queens, some carrying signs that said "Pothole Politics" and "Childcare
43 minutes ago
A Hindu-majority pocket surrounded by Muslim-dominated areas, Jafrabad still bears visible scars of the arson and killings in which Harogobindo Das and his son Chandan were killed. Their family continues to live in fear despite CCTV surveillance, a nearby police camp
43 minutes ago
There's no doubt the US military has the capability to mount a blockade of vessels moving in and out of the Gulf. The question is: to what end? I do think it's doable," retired US Rear Admiral Mark Montgomery told the BBC this morning. "And it's certainly less risky than the alternative
43 minutes ago
It was a full-on cricket night in Mumbai, and like many fans, Kareena Kapoor decided to soak in the stadium energy with her family. But amid the cheers, jerseys, and match-day excitement, a brief moment from the outing ended up catching more attention than the game itself
43 minutes ago
A dramatic finish saw McIlroy recover from a wayward tee shot on the 18th to secure victory with a bogey, joining legends like Jack Nicklaus and Tiger Woods as one of the few to successfully defend the Masters. The win, his sixth major, underscores his resilience and ability to triumph despite not
43 minutes ago
ICICI Prudential Life Insurance Company Ltd is scheduled to report its March quarter results on Tuesday, while its board will consider declaring a dividend, if any, for the financial year ending March 31, 2026. The results announcement is likely in the afternoon
43 minutes ago
Mumbai Indians (MI) are struggling in IPL 2026, currently positioned 8th after three consecutive losses. Their latest setback came against RCB, where Rohit Sharma was retired out with a now confirmed injury. The Mumbai Indians (MI) are currently in pretty poor form in the IPL 2026
43 minutes ago
