BlockBeats News, May 12th, AI cybersecurity startup Depthfirst announced that its self-developed AI vulnerability discovery model has found multiple high-risk security vulnerabilities missed by Anthropic Mythos, claiming that the overall cost is only one-tenth of the latter's. Depthfirst CEO Qasim Mithani stated that by optimizing the model architecture for a single task, the company can achieve "doing $10,000 worth of Mythos work with $1,000."

Depthfirst also launched a new initiative called the "Open Defense Initiative," which will provide a total of $5 million to open up its AI vulnerability detection tool to enterprises and open-source developers for discovering code security issues.

The article mentioned a critical vulnerability discovered by Depthfirst in the most widely used web server, NGINX, a vulnerability that has been present since 2008 and could theoretically impact a large number of websites globally. F5 Networks, currently responsible for maintaining NGINX, is expected to release a patch later this week.

In addition, Depthfirst also disclosed a high-severity vulnerability in the Linux system that could be exploited for remote code execution, which has not yet been patched. Its model also identified multiple security issues in Google Chrome browser and the open-source multimedia framework FFmpeg, with the Chrome-related vulnerabilities already fixed by Google.

The report pointed out that as AI accelerates the ability to discover vulnerabilities, the cybersecurity industry is entering a phase of "simultaneous AI-driven offense and defense." Previously, Anthropic revealed that its Claude model was used by a Chinese hacker group for cyberattacks, and Google also warned this week that criminal organizations have started using AI to develop "zero-day vulnerability" exploit tools.