1 comment

[ 0.21 ms ] story [ 17.4 ms ] thread
From Eric Hartford at Lazarus-AI [1]: "Clearwing is a fully open-source vulnerability discovery engine. Crash-first hunting, file-parallel agents, oracle-driven verification, variant hunting, adversarial verification. Works with any LLM."

"I tested it with OpenAI Codex 5.4 and reproduced Glasswing's findings. I'm now reproducing results with our own ReAligned model - Qwen3.5 finetuned to Western alignment."

"Mythos is certainly a great model. The N-day exploit walkthroughs in Anthropic's blog show real reasoning depth. But it's an incremental improvement..." "The real innovation isn't the model. It's the workflow:

- Rank every file in a codebase by attack surface

- Fan out hundreds of parallel agents, each scoped to one file

- Use crash oracles (AddressSanitizer, UBSan) as ground truth

- Run a second verification agent to filter noise

- Generate exploits as a triage mechanism for severity

That's a pipeline. And pipelines are model-agnostic."

Disclaimer: I'm not affiliated with Eric/Lazarus in any way.

[1] https://x.com/QuixiAI/status/2044952124568527298