NebuSec

This bug was found by our AI security agent using @OpenAI GPT-5.4. The full exploit completed in 7 seconds and turned into a $82,337 bounty. It’s one of the most interesting vulnerabilities we’ve worked on, and we’ll share a full write-up once all patches are in place.

A single bit was all it took. We successfully exploited the kernelCTF LTS kernel with a novel 1-bit flip attack against a 15-year-old vulnerability. It affects the latest versions of all major distributions, including Android, Ubuntu, Debian, Red Hat, CentOS, and Fedora.

In March, our pipeline discovered a critical vulnerability in the Linux kernel’s netfilter subsystem. We exploited this vulnerability and earned $10,050 in kCTF. In this post, we walk through the technical details of the vulnerability and the exploit. Link post below

Our code auditing agent with “inferior” model discovered 300+ bugs in 3 days under $20k cost. 25 were confirmed exploitable zero-days. We already built 6 browser exploits across 6 different 0-days and 3 Google COS kernel exploits, with 21 more exploitable cases in the pipeline:

Mythos is not the moment AI suddenly changed cybersecurity. LLMs already did that a long time ago. What Anthropic presents looks much more like incremental improvement rather than a fundamental change. Meanwhile, publicly available models are already producing stronger results when equip with the right workflow. nebusec.ai/?from=x