Evan Luke

[1/n] Recent OpenAI research has demonstrated the ability of LLMs to solve frontier problems in mathematics. We design a simple pipeline (using GPT 5.5 Pro and Claude Opus 4.8) that resolves 9 challenging open problems, including open problems from prominent theoretical computer science venues—4 from COLT open problem list and 1 from FOCS —as well as 4 problems from the commutative algebra. Project link: github.com/Pengbinghui/pi…, joint work with @runzhou_tao, Steven Wang & @HantaoYu_Theory

@_xpn_ very cool thanks for sharing!

New blog post is up looking at how LLMs are making local EDR rulesets, YARA rules, and behavioral detections trivial to extract. This post focuses on how simple the harness can be. Buckle up h4xx0rs, the next few months are gonna get interesting! specterops.io/blog/2026/06/2…

After publishing our whitepaper (blog.doyensec.com/2026/05/27/aik…) comparing Aikido and XBOW, we evaluated our own AI-assisted testing workflow against one of the same targets to see whether it would identify the same High and Critical findings. Built by and for our security engineers, our tooling accelerates codebase understanding, builds a knowledge base of application behavior and architecture, and uses that context to uncover vulnerabilities. Beyond rediscovering the previously reported and fixed issues, the workflow identified two additional vulnerabilities: * A cross-tenant invitation token validation flaw [PR#1561](github.com/getfider/fider…) * A read-only SSRF in the OAuth implementation [PR#1567](github.com/getfider/fider…) Both issues were responsibly disclosed and promptly remediated. Our conclusion: AI-powered security tooling can significantly enhance testing, but the best results still come from combining it with experienced human expertise. #Doyensec #appsec #security

@HatforceSec looks very interesting!

Academics should spend their intellect on novel ideas. instead, they're buried under reviewer requests to: - 10× the dataset - 10× the ablations - polish the writing another 10× - compare against 100 more papers The result? More effort. Not necessarily more science. Hello 👋 gumu.ai an AI-first paper studio that automates the paper grind so researchers can focus on what actually matters again: novelty The stone age of paper editing is over. cc @Zaddyzaddy

@francisco_oca github.com/EvanThomasLuke…

In just a few months since inception it has quickly grown to include people from top security startups, AI labs, public institutions, VC firms, Fortune 500 and college students. @francisco_oca and I started this in February and we are very excited to see it continue growing!

I have updated the Awesome-AI-Hacking-Agents and Awesome-AI-Security-Skills repos. There are now over 100 open source agents and 40+ skill repos! The AI Hacking Discord has grown to over 300 members! (ling in repo) github.com/EvanThomasLuke…

@deredleritt3r Thank you for clarifying for people. Need more thoughtful analysis in these times for leaders to make informed decisions, not basing their analysis on clickbait journalism.

@deredleritt3r Insane clickbait title lol. People seem to think test time scaling with a good harness can only benefit previous generations of models. Matching performance on a benchmark with TTS and comparing that to a model's performance without TTS is not a fair comparison.

Parsing through the WSJ article entitled "China Has Matched Anthropic in Cybersecurity, Resetting AI Race": 1. Contrary to the article's spooky title, it doesn't even attempt to claim that GLM-5.2 has matched Mythos in cybersecurity capabilities. The only substantive claim in the article comparing GLM-5.2 to Mythos is much weaker: "When given further instructions, Opus 4.8 and GLM-5.2 can match Mythos in bug-finding ability, according to researchers." 2. The article also mentions a new "bug-finding tool" called Tulongfeng, released earlier this week by 360 Security Technology (360ST). 360ST says it's "comparable to Mythos in finding bugs". First, even assuming that this is true, Tulongfeng appears to be a multi-agent tool that uses AI model(s) under the hood. Mythos, on the other hand, is a standalone AI model; it does not need any multi-agent set-up or harness to have significant cybersecurity capabilities. I invite the reader to imagine what Mythos 5 would be capable of if placed in a special multi-agent harness designed specifically for cybersecurity operations. Second, unlike with Mythos, there does not appear to be any data substantiating 360ST's claims regarding Tulongfeng other than information provided by 360ST. 360ST's CEO (who, BTW, is a "member of China’s top political advisory body" - imagine what the incentives are there) said that Tulongfeng had found "3,432 vulnerabilities, including 105 confirmed by Chinese authorities". These claims have not been verified independently. 3. Most importantly, these comparisons to Mythos entirely miss the mark regarding Mythos' most important cybersecurity capability. *Finding* vulnerabilities is not the most impressive aspect of Mythos (even Opus 4.6 had a decent record in finding some vulnerabilities). The magic of Mythos is in autonomous exploit development. Quoting Anthropic's red team blog: "Our internal evaluations showed that Opus 4.6 generally had a near-0% success rate at autonomous exploit development. But Mythos Preview is in a different league... Opus 4.6 turned the vulnerabilities it had found in Mozilla’s Firefox 147 JavaScript engine... into JavaScript shell exploits only two times out of several hundred attempts. We re-ran this experiment as a benchmark for Mythos Preview, which developed working exploits 181 times, and achieved register control on 29 more." You will note that the WSJ article and 360ST both focus on *finding* vulnerabilities - something even Opus 4.6 could achieve once in a while (and would probably be able to do even better if placed in a specialized multi-agent harness). Conversely, there is no mention anywhere of GLM-5.2's or Tulongfeng's abilities to autonomously develop exploits. This is probably for a good reason.

@VittoStack would like an invite, been red teaming AI since gpt-4 era. Currently building a knowledge base of prompt injections and jailbreaks.

4 days ago we launched Jailbroken, a PRIVATE Discord community to learn AI red teaming and safety. Since then: - Over 250 security researchers joined - Top resources have been collected - People shared countless techniques and discoveries Today, we've secured over 100B in FREE AI tokens for all the members. If you want to join, drop a comment.

BREAKING: The Trump Administration has struck a deal with Anthropic which grants the company permission to release its Mythos 5 model to a group of ~100 companies and federal agencies, per CNBC. Details include: 1. Senior Anthropic staffers flew to Washington DC to meet with members of the Trump Administration 2. Anthropic said earlier this month that it disabled access to its Fable 5 and Mythos 5 models to comply with an export control directive from the government 3. The Trump Administration and Anthropic have been in a two-week-long standoff over its latest models This deal will have industry-wide implications.

OpenAI gave METR early access to GPT-5.6 Sol for testing including raw chain-of-thought, a railfree version of the model, and internal information about the model. With this access, METR conducted a pre-deployment evaluation of GPT-5.6 Sol, including an attempted measurement of its 50%-Time Horizon. However, the measurement depends heavily on our treatment of cheating attempts, and GPT-5.6 Sol’s detected cheating rate was higher than any public model we have evaluated.

New w/ @leomschwartz @amir: The Trump admin has asked OpenAI to stagger the release of GPT-5.6 over security concerns. On Thursday, CEO Sam Altman told staff that the government will be approving access to GPT-5.6 customer by customer, a highly unusual approach.

We want to help all companies be secure, working with the USG and the security ecosystem. *The full version of GPT-5.5-Cyber is here; state of the art performance on CyberGym. *Patch The Planet and Codex Security will help solve security problems instead of just finding them.

@alisawuffles congrats! Appreciate the share super helpful

I'm joining OpenAI next week!🥹 The job search turned out to be really challenging but also super rewarding, so I wrote a small blog to share what I learned along the way and hopefully make the process a little less mysterious for the next person. alisawuffles.github.io/blog/job-search

theguardian.com/technology/202… Powerful AI models capable of taking down governments and businesses are mere months away, cyber intelligence agencies for the Five Eyes have warned in a rare joint statement, urging leaders to “act now”.

@emollick vibe manager

Some (early) evidence that managers have the highest success rate in using Claude Code for coding. I have been arguing that management is an AI superpower, as clearly specifying what you want, how to do it & what good looks like is key to using agents. oneusefulthing.org/p/management-a…

Introducing autoresearch for arXiv papers Change 'arxiv' to 'autoarxiv' in any paper URL An agent deploys to resolve setup issues on the codebase, run a minimal reproduction, and estimate full replication cost. Read more below

Two years ago, AISI launched Inspect: an open-source toolkit for evaluating the capabilities and safety of LLMs. Today, we’re releasing the AISI Engineering Playbook - the methods, practices, and infrastructure we've developed while evaluating frontier AI systems. 🧵