{"id":45535,"date":"2026-04-18T10:18:52","date_gmt":"2026-04-18T02:18:52","guid":{"rendered":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/04\/18\/commercial-ai-models-show-rapid-gains-in-vulnerability-research-infosecurity-magazine\/"},"modified":"2026-04-18T10:18:52","modified_gmt":"2026-04-18T02:18:52","slug":"commercial-ai-models-show-rapid-gains-in-vulnerability-research-infosecurity-magazine","status":"publish","type":"post","link":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/04\/18\/commercial-ai-models-show-rapid-gains-in-vulnerability-research-infosecurity-magazine\/","title":{"rendered":"Commercial AI Models Show Rapid Gains in Vulnerability Research &#8211; Infosecurity Magazine"},"content":{"rendered":"<p>While non-public frontier AI models, like <a href=\"https:\/\/www.infosecurity-magazine.com\/news\/anthropic-launch-project-glasswing\/\">Anthropic&rsquo;s Claude Mythos<\/a>, have been shown to identify thousands of zero-day vulnerabilities across major operating systems, commercial models are also showing progress in the discovery of software bugs.<\/p>\n<p>Forescout&rsquo;s Verde Labs found that just a year ago 55% of AI models failed basic vulnerability research and 93% failed exploit development tasks.<\/p>\n<p>Progress has been made, however, and in 2026 the cybersecurity firm said all tested models complete vulnerability research tasks, and half can generate working exploits autonomously.<\/p>\n<p>As part of the research, 50 AI models were tested, including commercial, open-source and underground models.<\/p>\n<p>The most capable models Forescout tested &ndash; Claude Opus 4.6 and Kimi K2.5 &ndash; can now find and exploit vulnerabilities without complex prompts, making them accessible to inexperienced attackers.<\/p>\n<p>&ldquo;These are widely available AI models exceeding human capability,&rdquo; said Rik Ferguson, VP Security Intelligence at Forescout. 
However, he admitted this may not be at the scale, speed and quality of Mythos.<\/p>\n<p>Forescout said that during testing, using single prompts, the RAPTOR agentic framework and the firm&rsquo;s own extensions, it discovered four new zero-day vulnerabilities in OpenNDS, which is widely deployed.<\/p>\n<p>RAPTOR is an open-source, agentic AI framework designed for cybersecurity research, offense and defense.<\/p>\n<p>Ferguson explained that one of the vulnerabilities was found in code that Verde Labs had already manually analyzed without identifying it.&nbsp;<\/p>\n<h2><strong>AI Lowers the Barrier to Discovering Unknown Vulnerabilities<\/strong><\/h2>\n<p>The commercial models performed best in Forescout&rsquo;s testing, but they remain expensive, the firm admitted. Claude Opus 4.6, for example, costs up to $25 per million output tokens.<\/p>\n<p>Meanwhile, open-source alternatives such as DeepSeek 3.2 can handle basic tasks at a fraction of the cost, with all test tasks costing less than $0.70.<\/p>\n<p>Claude Mythos, by comparison, will be available to participants at $25\/$125 per million input\/output tokens.<\/p>\n<p>Using different models based on task complexity and cost is emerging as a practical strategy for both defenders and attackers.<\/p>\n<p>Forescout noted that if its research can uncover new vulnerabilities with open models, and large initiatives such as Project Glasswing can surface thousands of zero-days in critical software, organizations should assume their environments contain unknown vulnerabilities that AI will find, whether used by&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>While non-public frontier AI models, like Anthropic&#038;rsq 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-45535","post","type-post","status-publish","format-standard","hentry","category--infosecurity-magazine"],"_links":{"self":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts\/45535","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/comments?post=45535"}],"version-history":[{"count":0,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts\/45535\/revisions"}],"wp:attachment":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/media?parent=45535"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/categories?post=45535"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/tags?post=45535"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}