We Got Anthropic's Glasswing at Home (Who Needs Mythos 5 or Fable 5?) (blog.attacks.ai)

Anthropic's new tool, Glasswing, has been developed into a personal autonomous security researcher capable of independently identifying vulnerabilities within a codebase. The creator tasked their machine to target the hermes-agent code with promising results, ultimately uncovering two legitimate security flaws after rigorous processing. Glasswing’s setup involves a custom pipeline named Lucent, which includes stages for ranking potential vulnerabilities, hunting down leads, verifying findings, and attempting to exploit them, all running locally on a single powerful GPU. This project is significant for the AI/ML community as it illustrates the potential for using advanced models in security research, enabling more accurate and efficient vulnerability assessment without reliance on cloud processing. Lucent employs a ranked multi-agent system to filter through candidate vulnerabilities, dramatically improving the efficiency of identifying real issues by discarding false positives early in the pipeline. By demonstrating a system that functions effectively on local hardware, this venture not only democratizes the tools available for security analysis but also underscores the importance of iterative refinement and verification in AI-driven security methodologies.