Friday Squid Blogging: Bigfin Squid
Article about the bigfin squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
K.S • May 16, 2026 8:47 AM
@Clive Robinson
LLMs do reason (inferences, deduction, etc.), but they are not yet creative/capable of intention. That is, they don’t yet have human-like opponent processing that we think enables creativity. I think this is a solvable process.
broken goddess • May 16, 2026 11:46 AM
bye bye ai • May 16, 2026 11:51 AM
@k.s
LLMs reason, for some definition of reason. When people who are opposed to AI claim that LLMs’ ability to engage in next token prediction merely makes them efficient text extruders rather than meaning makers, I don’t grasp the force of this criticism. I don’t grasp the force because I cannot make heads or tails of most of the comments I read on the internet that are supposedly made by humans. Which is to say, as far as I can tell most humans are just extruding text, rather than making meaning. We used to call this human behavior bullshitting or writing gobbledegook, but extruding text conveys the same.
This is why I like to say the anti AI people are correct about AI, they are wrong about people. They keep insisting there is something special about what humans do that is categorically different than what LLMs do but I admit I cannot see it. Where is all this supposed reasoning, creativity, meaning that humans possess in abundance? I never encounter that. It’s more likely human vanity than anything genuinely exceptional.
lurker • May 16, 2026 2:43 PM
@Clive Robinson
re the CTF scene is dead
The author claims to have started university in 2021, and now is
“Senior Cyber Security Testing Intelligence Engineer
Securing Australia’s largest electricity network”
A bright eyed, bushy tailed young fella out to conquer the world. At least he has seen and identified the problem. There must be others who think alike, together they will solve it.
Clive Robinson • May 16, 2026 5:29 PM
@ lurker,
With regards,
“There must be others who think alike, together they will solve it.”
That is the “technology optimist” view point…
Now ask the question, a “humanity pessimist” asks,
“Will management allow them to solve it?”
My view point is,
“If there is no short term gain in it for the shareholders or the management then no.”
I started out as a “technology optimist” and thought I could find technical solutions to problems that affect humanity.
But working with nearly all company management darkened my soul, as I increasingly saw the “dark side” within them. Now I’m a “humanity pessimist” with regards neo-con type short term outlook grifters that appear so readily in certain cultures and their managers.
Hopefully you will be lucky and remain an optimist, but I’ve come to understand the wisdom of,
“Technology is agnostic to use, it just acts as a force multiplier for a directing mind, so technology can not solve society’s issues any more than a hammer can”.
The sad thing is most humans are actually fairly decent, and they are what I actually believe in. It’s our ability to take on responsibility not just for our own personal gain but for the benefit of others that has enabled us to build society and all the good things that has come with it.
Clive Robinson • May 16, 2026 7:09 PM
@ K.S.,
With regards,
“LLMs do reason (inferences, deduction, etc.), but they are not yet creative/capable of intention.”
Sorry no. As I’ve been saying here since this LLM Hype started,
“Current AI LLM systems are just ‘Digital Signal Processing'(DSP) circuits. Where the individual filter weights define the various resonators that can be adjusted to make an ‘adaptive matched filter’.”
So all the LLM can really do is “pattern match” to a static translation table (think of it as a form of database search, which it is).
The problem is that you would get the same output every time you gave the same input. Which would quickly show it was no more than a very large “1980’s expert system”.
Hence the reason “Searle’s Chinese Room” applies.
So a degree of “Stochastic behaviour” is added, that is, the filter gets slightly “randomized”: in effect you “throw dice” to select between very similar tokens.
The result of this is you get a degree of “drunkard’s walk”. Too little randomisation and you get next to no variation in the token selection from run to run. Too much and, well, you in effect get what is often incorrectly called “hallucination”.
The degree of randomisation is set by the LLM “temperature”,
“What is LLM TEMPERATURE
In artificial intelligence (AI) and machine learning, temperature is a parameter for adjusting the output of large language models (LLMs). Temperature controls the randomness of text that is generated by LLMs during inference.
LLMs generate text by predicting the next word (or rather, the next token) according to a probability distribution. Each token is assigned a logit (numerical value) from the LLM and the total set of tokens is normalized into a “softmax probability distribution.” Each token is assigned a “softmax function” that exists between zero and one, and the sum of all the tokens’ softmax probabilities is one.
The LLM temperature parameter modifies this distribution. A lower temperature essentially makes those tokens with the highest probability more likely to be selected; a higher temperature increases a model’s likelihood of selecting less probable tokens. This happens because a higher temperature value introduces more variability into the LLM’s token selection. Different temperature settings essentially introduce different levels of randomness when a generative AI model outputs text.
Temperature is a crucial feature for controlling randomness in model performance. It allows users to adjust the LLM output to better suit different real-world applications of text generation.”
‘https://www.ibm.com/think/topics/llm-temperature
So it varies the pattern matching probability distribution like the Q of a DSP filter and in effect changes the spectral bandwidth of the filter on an approximation to a RMS curve.
So a fully deterministic process, that can be perturbed randomly. You can make the equivalent with a lookup table and a couple of dice.
So the LLM does not in any way reason and the table is effectively static so the output would be invariant for the same input without the “randomisation”.
Thus to look for “reasoning” you would have to look at the values in the lookup table. You would need to then ask,
“Can you encode reason in a table?”
The answer all depends on what you mean by “reason”. We know you can easily encode logic in a table, we call it a “Boolean Logic Map”; we can also encode mathematics: those who went to school pre-1970s will have seen not just “multiplication tables” but “trig” and “log” tables. But of more interest we can also encode the likes of FFTs and similar, so spectrums can be encoded as well.
The problem is none of this is “reasoning” in the broader sense because all the table does is,
“Map a known to a known”
That is it is a codification of the “old” there is nothing “new”.
I would normally stop at that point, but let’s take it a little further.
How are those LLM lookup tables generated?
Well that is primarily the job of the ML System. These basically tabulate collated input data. As part of this they “order the entries” in the table. That is they define a spectral relationship between tokens.
Does this “enable reasoning” again it depends on your definition of reasoning.
The IBM article notes,
“It’s worth noting, however, that anthropomorphic terms like a model’s “thought process” are more convenient than literal. Like all machine learning models, reasoning models are ultimately just applying sophisticated algorithms to make predictions –like what word should come next– that reflect patterns learned from training data. Reasoning LLMs have not demonstrated consciousness or other signs of artificial general intelligence (AGI). AI research published by Apple in June 2025 casts doubt on whether current model reasoning abilities can scale to truly “generalizable” reasoning”
Well nothing has actually changed since that research Apple published.
So I’m sticking with what I say in that
“Current AI LLM and ML Systems can not reason out anything new.”
However I’m not discounting “the roll of the dice, allowing fuzzing to cause the drunkard to walk somewhere new.”
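As an added illustration of the temperature mechanism described in the IBM quote above (example code written for this page, not code from the comment or from IBM), the following C computes a temperature-scaled softmax over a constructed four-token logit vector and then “throws the dice” with a fixed uniform draw u, so the effect of temperature on the very same random draw can be seen deterministically. The logit values, the function names and the libm-free exp_approx() helper (used so the file builds with a bare cc invocation) are all assumptions of the example.

```c
#include <stddef.h>
#include <stdio.h>

/* libm-free exp(): range-reduce to x/1024, 4th-order Taylor, then square 10 times.
 * Relative error is around 1e-9 for |x| < 20, which is ample for this demonstration. */
static double exp_approx(double x) {
    double r = x / 1024.0;
    double t = 1.0 + r * (1.0 + r * (0.5 + r * (1.0 / 6.0 + r / 24.0)));
    for (int i = 0; i < 10; i++) t *= t;
    return t;
}

/* Softmax with temperature: p_i = exp(l_i / T) / sum_j exp(l_j / T).
 * The maximum logit is subtracted first for numerical stability; it cancels out. */
void softmax_temp(const double *logits, size_t n, double temp, double *out) {
    double m = logits[0];
    for (size_t i = 1; i < n; i++) if (logits[i] > m) m = logits[i];
    double sum = 0.0;
    for (size_t i = 0; i < n; i++) {
        out[i] = exp_approx((logits[i] - m) / temp);
        sum += out[i];
    }
    for (size_t i = 0; i < n; i++) out[i] /= sum;
}

/* Greedy decoding (temperature -> 0): always the most probable token, fully deterministic. */
size_t argmax_token(const double *p, size_t n) {
    size_t best = 0;
    for (size_t i = 1; i < n; i++) if (p[i] > p[best]) best = i;
    return best;
}

/* "Throw the dice": inverse-CDF sampling with a uniform draw u in [0,1).  For a fixed u
 * the chosen index depends only on the distribution, so temperature alone moves it. */
size_t sample_token(const double *p, size_t n, double u) {
    double cum = 0.0;
    for (size_t i = 0; i < n; i++) {
        cum += p[i];
        if (u < cum) return i;
    }
    return n - 1; /* rounding guard: u may sit a hair above the accumulated total */
}

/* Constructed four-token vocabulary: logits for tokens 0..3 */
static const double LOGITS[4] = {2.0, 1.0, 0.5, 0.1};
#define NTOK (sizeof LOGITS / sizeof LOGITS[0])

double top_prob_at(double temp) {           /* probability of the argmax token at this T */
    double p[NTOK];
    softmax_temp(LOGITS, NTOK, temp, p);
    return p[argmax_token(p, NTOK)];
}

double prob_sum_at(double temp) {           /* should always be 1 */
    double p[NTOK], s = 0.0;
    softmax_temp(LOGITS, NTOK, temp, p);
    for (size_t i = 0; i < NTOK; i++) s += p[i];
    return s;
}

size_t token_at(double temp, double u) {    /* token chosen for dice roll u at this T */
    double p[NTOK];
    softmax_temp(LOGITS, NTOK, temp, p);
    return sample_token(p, NTOK, u);
}

int main(void) {
    const double temps[3] = {0.5, 1.0, 2.0};
    for (int k = 0; k < 3; k++) {
        double p[NTOK];
        softmax_temp(LOGITS, NTOK, temps[k], p);
        printf("T=%.1f  p=[%.3f %.3f %.3f %.3f]  argmax=%zu  dice u=0.9 -> token %zu\n",
               temps[k], p[0], p[1], p[2], p[3], argmax_token(p, NTOK),
               sample_token(p, NTOK, 0.9));
    }
    return 0;
}
```

The argmax never moves with temperature (the table is static, as the comment says); what moves is how far a given dice roll strays from it. With the constructed logits, the same draw u = 0.9 lands on token 1 at T = 0.5, token 2 at T = 1.0 and token 3 at T = 2.0.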
@clive,
as a small addendum to your re-referenced post about b.b.b. and client side scanning, i’ve really truly honestly been trying not to pollute and contribute to the conversations and community.
but any appealing aside
sensors are cheaper than application processors, sensor data can also be monetized easier than privacy applications. forgive the term, but most of us are running around with the redcoats holding our arms.
if this were happening 250y ago it would’ve been game over: good bye future hopeful endeavour of every man created equal blah blah blah.
no founding fathers, known knowns. when why what who where and all that metadata.
have a nice cup of tea y’all.
Weather • May 17, 2026 12:59 AM
@All
I’d like to play the devil’s advocate, but ask openai or claude, where is “trytinpot tree line”.
Does it try to give an answer or question? When are they going to program the question? In the 2000s I knew a random function wasn’t intelligence. The things they do with speech, text etc, you could buy a $1 chip that did phonemes in the 20th century. Granted it’s good programming and sad marketing calling it intelligence.
Clive Robinson • May 17, 2026 3:29 AM
@ broken goddess, ALL,
With regards,
“A security researcher says Microsoft secretly built a backdoor into BitLocker, releases an exploit to prove it”
The first thing to get out of the way is,
“Does it matter if it’s an intentional backdoor or incompetence?”
The practical answer is “NO” because it renders Bitlocker protection moot irrespective of if you are a “TechSup tech”, “cracker/hacker”, “guard labour”, “data broker”, or “uncle Tom Cobbly et al”.
The underlying cause is a well known “Keying Material”(KeyMat) issue of the “Where and how” of “system at rest KeyMat storage”.
People should not forget that the reason we have a TPM module on just about every “Personal Computer” these days goes back to the early times of the entertainment industry and CDs and DVDs that have the same KeyMat issues.
You can read up about the “Fritz Chip” that became the TPM chip that Microsoft forced onto PC manufacturers in a write up by the late Prof Ross J. Anderson.
You can find in more general literature, starting way back last century with the “tape recorder” and specifically the “Sony Walkman”, why the Entertainment industry wants as much control over people as it can and why it was bribing US legislators to do things that were known not to work. Which became embarrassingly obvious with the DeCSS debacle.
It boils down to the way to protect “Data at Rest” or even in an active system is via “encryption”. The problem with encryption is that you need “keying material”(KeyMat) to get “plaintext from ciphertext”. In military/diplomatic communications going back centuries the “first and second parties” in an encrypted communication were considered to some extent “Trusted” therefore they got given the KeyMat in a human usable/readable format such as a “code book” and later as they became less trusted on machine readable “crypto-ignition” punch cards / tapes and devices such as “Fill-Guns” and “CIK-Plugs”.
But if you don’t trust users then you don’t want them to ever have direct access to the KeyMat and there is a problem with this in that you need to build up “a chain of trust” from a “root of trust” in some way but keep it hidden from the user.
These days there are two basic ways this can be done,
1, Online via a security server that issues KeyMat to a user device.
2, Offline via an obfuscated key/process embedded in the user device.
Back prior to the 1990’s the “Online” option was not available even to “Satellite TV” operators.
So the questions of how do you,
1, Embed a “Root of trust”.
2, Obfuscate the “Root of trust”.
3, Build the “chain of trust”.
Importantly,
“Under all states of the user device.”
The answer is,
“You can not do it by just intangible information systems, you need some form of tangible physical system.”
In “Hardware Security Modules” (HSM) all crypto is done within the HSM, thus the “root of trust” is never available outside of the HSM once set up, in all states of use.
Microsoft however for various historical reasons needs direct access to the KeyMat thus has to pull it outside of the HSM physical security before it can use it.
For reasons of “tech support”, “incompetence”, or “malicious intent” depending on your view point Microsoft decided not to use an obfuscation method using a “user authentication factor” whilst Apple on iPhones did (hence the fun with the US FBI and DOJ a few years ago).
The consequence of this Microsoft Decision is that,
“At some point the KeyMat is in a non intangible protected state in the non tangible protected areas of the user system.”
Thus all you have to do is “catch the root of trust” in some way, which is what this exploit clearly does.
I could give lots of reasons for doing things the Microsoft rather than the Apple way for “Tech Sup” reasons, but the flip side is they all end up looking like “Back Doors” if you choose to view them that way.
As I’ve said in the past,
“The easiest way to hide a back door is to make it look like incompetence rather than design.”
I think most would agree that Microsoft has had far greater levels of incompetence than other commercial and consumer OS designers and suppliers.
Anyone else remember the “NSA Key” incident with Microsoft code back last century?
‘https://en.wikipedia.org/wiki/NSAKEY
How about the removal of the Elephant Diffuser from the Bitlocker crypto?
‘https://en.wikipedia.org/wiki/BitLocker
And a whole load more Microsoft security incompetencies?
They certainly appear to have had more than you might reasonably expect 😉
Clive Robinson • May 17, 2026 4:07 AM
@ lurker,
Whilst I remember, you might find this of some interest,
https://m.youtube.com/watch?v=aooiDA-AsNo
However it was “pushed at me” by someone else so…
As it’s marked as a “fundraiser” you should have some “care/consideration”, however the organisation behind it is technically a news media outlet…
along the lines of right to repair, still potentially very dangerous.
https://electrek.co/2026/05/16/fisker-ocean-open-source-ev-story-after-bankruptcy/
it’s illegal to “hack” cars where i’m from, not sure where this falls but they were able to obtain insurance. might be eu?
Weather • May 17, 2026 1:51 PM
@Clive
Don’t forget the Microsoft malloc bug. If a programmer checks to see if it’s successful, a return value can pass but a block didn’t get allocated.
Some value around 0x7b00e080
lurker • May 17, 2026 2:16 PM
@Clive Robinson
re dark side of management
When I saw the clouds rolling I have always managed to jump out of the way. The techno-optimist finds something new without waiting like Mr. Micawber.
re YT link
At first this looked like a young people’s problem. Then I saw it is a problem identified by Karl Marx 150 years ago.
cata • May 17, 2026 3:40 PM
https://github.com/Nightmare-Eclipse/MiniPlasma
After re-investigating the technique used in GreenPlasma (specifically SetPolicyVal), it turns out cldflt!HsmOsBlockPlaceholderAccess is still vulnerable to the exact same issue that was reported to Microsoft 6 years ago. I’m not taking full credit for this, James Forshaw from google project zero found the vulnerability and reported it to Microsoft and was supposedly fixed as CVE-2020-17103.
However, a researcher who’s a friend of mine pointed out that the routine might still have a vulnerability, which is something I considered but brushed off because I thought it was impossible for Microsoft to just not patch this or rollback the patch.
After investigating, it turns out the exact same issue that was reported to Microsoft by Google project zero is actually still present, unpatched. I’m unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons. The original PoC by Google worked without any changes.
To highlight this issue, I weaponized the original PoC to spawn a SYSTEM shell. It seems to work reliably in my machines but success rate may vary since it’s a race condition.
I believe all Windows versions are affected by this vulnerability.
the dog named indy • May 17, 2026 9:00 PM
AI license plate cameras tore this town apart and led to a state of emergency
the cat named bimby • May 17, 2026 9:15 PM
Gmail registration now requires scanning a QR code and sending a text message
Clive Robinson • May 18, 2026 9:34 AM
@ Weather,
With regards,
“Don’t forget the Microsoft malloc bug.”
Malloc has been “cursed since day one” of K&R / Unix as far as security goes.
At least in the K&R case they could fairly legitimately claim the insecurity they built in was for “limited resource” issues.
As I’ve mentioned long ago on this blog, many years ago I backdoored a crypto app to make the point that “code reviews” should not be carried out by the, let’s say, “less productive” programmers in “management’s view”.
I used malloc() / free() as a non obvious / subliminal channel.
Put simply if you use malloc to request a block of heap memory in a subroutine, put a “secret in it” then free it and exit the subroutine. The secret you put on the heap is still there…
If you either have a “hanging pointer”, or you use malloc to request a same sized block of heap, then in most versions of C back then you would get access to the secret that was still on the heap.
Even today few programmers “zero the memory” before calling free.
It’s this sort of thing that makes me suspect that the use of LLMs for “bug finding in Source Code” will not be as successful as many think or are claiming / hyping.
Because a second layer on the above trick is to pass not a pointer to the allocated area but usually a few bytes beforehand.
As programmers should know, malloc and friends actually put “metadata” about the memory block on the heap in association with the block so free can work. Usually –but not always– this metadata is put in front of the block in a known format. Thus an LLM might stumble because it does not see the pointer to the block metadata as being the same as the pointer to the block data.
It’s worth knowing this because you can use it for all sorts of “hidden activities”.
Another trick used to be to have two blocks of memory on the heap that, whilst being the same size, are not malloc’d at the same time or place in the source code. You can then copy the metadata from one block to the other, in effect doing a “half swap”. This makes it even harder to see in the source code exactly what is going on.
This sort of trickery can work in other languages as well with a little more knowledge.
It’s why those learning to “reverse engineer” should be fluent in “machine code” and the tools that access the executable binaries.
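To make the malloc()/free() point concrete from the defender’s side, here is an added C example (not code from the comment above, and not libc internals) built on a small toy arena allocator constructed for this page. It behaves like the allocators described in the comment: a metadata header sits immediately in front of each block, and free() only marks the block unused, leaving the bytes where they were. secret_survives_free(0) shows the freed secret being handed straight back to the next same-sized allocation; secret_survives_free(1) shows the mitigation, wiping through a volatile pointer before freeing (the same idea as explicit_bzero()). The allocator, the sample secret string and the function names are all assumptions of the example.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Toy arena allocator, constructed for this example (not libc malloc).  It keeps the
 * two properties the comment relies on: a header with the block's metadata sits just
 * in front of the data pointer, and free() only flips a flag.  A later allocation of
 * the same size reuses the freed block first-fit, much like a libc fastbin/tcache. */
#define ARENA_SIZE 4096
#define ALIGN 16

struct hdr {
    size_t size;   /* usable bytes in the block, rounded up to ALIGN */
    int in_use;    /* 1 while allocated, 0 after free */
};

static _Alignas(ALIGN) unsigned char arena[ARENA_SIZE];
static size_t arena_top = 0;   /* bytes of the arena handed out so far */

static void *toy_malloc(size_t n) {
    n = (n + ALIGN - 1) & ~(size_t)(ALIGN - 1);
    /* first-fit reuse of a freed block of exactly this size */
    for (size_t off = 0; off < arena_top; ) {
        struct hdr *h = (struct hdr *)(arena + off);
        if (!h->in_use && h->size == n) {
            h->in_use = 1;
            return (unsigned char *)h + sizeof *h;
        }
        off += sizeof *h + h->size;
    }
    if (arena_top + sizeof(struct hdr) + n > ARENA_SIZE) return NULL;
    struct hdr *h = (struct hdr *)(arena + arena_top);
    h->size = n;
    h->in_use = 1;
    arena_top += sizeof *h + n;
    return (unsigned char *)h + sizeof *h;
}

/* Plain free: the header lives sizeof(struct hdr) bytes before the data pointer
 * (the "few bytes beforehand" the comment mentions); the contents are not touched. */
static void toy_free(void *p) {
    struct hdr *h = (struct hdr *)((unsigned char *)p - sizeof *h);
    h->in_use = 0;
}

/* Hardened free: wipe via a volatile pointer so the compiler cannot delete the
 * stores as dead writes (the same idea as explicit_bzero / memset_s), then free. */
static void secure_free(void *p) {
    struct hdr *h = (struct hdr *)((unsigned char *)p - sizeof *h);
    volatile unsigned char *v = (volatile unsigned char *)p;
    for (size_t i = 0; i < h->size; i++) v[i] = 0;
    toy_free(p);
}

/* A subroutine puts a secret in a heap block and frees it.  A later same-sized
 * allocation then checks whether the secret is still sitting there.
 * Returns 1 if the secret survived the free, 0 if it was wiped. */
int secret_survives_free(int wipe_before_free) {
    static const char secret[] = "constructed-sample-api-key";   /* sample, not real */
    char *a = toy_malloc(sizeof secret);
    memcpy(a, secret, sizeof secret);
    if (wipe_before_free) secure_free(a); else toy_free(a);

    char *b = toy_malloc(sizeof secret);        /* gets the very same block back */
    int survived = (b == a) && memcmp(b, secret, sizeof secret) == 0;
    secure_free(b);                             /* leave the arena clean for the next call */
    return survived;
}

int main(void) {
    printf("plain free  : secret readable by next allocation = %d\n", secret_survives_free(0));
    printf("secure free : secret readable by next allocation = %d\n", secret_survives_free(1));
    return 0;
}
```

The wipe loop is written against a volatile pointer rather than a plain memset() because a compiler may legally remove a memset() whose buffer is freed immediately afterwards; that optimisation is exactly why "zero before free" so often ends up as a no-op in real code.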
Clive Robinson • May 18, 2026 10:20 AM
@ ALL,
“Vulnerabilities faster than ML can catch”
A few days ago I pointed out that LLMs used for “finding bugs” find only “old bugs” not “new bugs”, because the LLM works with a bunch of weights that takes an ML a long and very expensive time to build, thus does not get run very often.
Well the obvious question is,
“How fast does this rebuild need to be?”
The answer is we really don’t know but we do know it needs to be maybe as short as a day or two at most…
Which begs the question
“Why that short?”
Well a very short time ago an 18-year-old vulnerability was found in NginX, which is in around 1/3 of web servers on the Internet. Within a comparatively short time of the vulnerability becoming known, an instance of attack had been developed and is actively being used,
NGINX Rift attackers waste no time targeting exposed servers
Researchers say 18-year-old flaw already being probed and exploited just days after disclosure
‘Researchers at VulnCheck said they are seeing active exploitation tied to CVE-2026-42945, a heap buffer overflow flaw affecting both NGINX Open Source and NGINX Plus that was disclosed last week after apparently sitting unnoticed for 18 years.
VulnCheck’s Patrick Garrity said the company observed exploitation activity on its canary systems “just days after the CVE was published.”’
Thus Security Researchers and SysAdmins acting as “defenders” should be thinking about how they are going to “mitigate new instances” of vulnerabilities before they can be found by Current AI in the hands of “attackers”.
It might sound “impossible” but actually in a lot of cases it’s actually not, due to the way the ICT industry tends to operate.
Ismar • May 18, 2026 10:24 AM
Europe built sovereign clouds to escape US control. Then forgot about the processors
Clive Robinson • May 18, 2026 10:39 AM
@ Ismar, ALL,
With regards,
“Europe built sovereign clouds to escape US control. Then forgot about the processors”
It’s not just “the processors”.
Nearly every part in modern ICT Equipment is not fully
“Made in the West”
Thus open to the same issue.
Consider for example the US is already threatening any nation that acts against the US Executive’s wishes when it comes to “Petrol, Oil and Lubricants” (POL) and other energy resources. Basically anywhere the Trumpeta thinks it’s time to “bomb them back to the stone ages” so he can strut around like a half-witted Gobbler (male turkey).
ismar • May 18, 2026 11:47 PM
@lurker – Burning the midnight oil?
ResearcherZero • May 19, 2026 1:16 AM
Network takeover via NETCONF control by injecting attacker key for SSH authentication.
ResearcherZero • May 19, 2026 1:17 AM
Subverting nuclear explosion simulations.
https://www.security.com/threat-intelligence/fast16-nuclear-sabotage
Ismar • May 19, 2026 1:47 AM
Also claiming the new use for BC and AC eras – Before and After Copilot 😀
Clive Robinson • May 19, 2026 3:40 AM
@ Bruce, ALL,
Ring out those bells around the world
Due to all the LLM nonsense, it’s been quite a while since we’ve had a good,
“Internet of things from China”(IoTfC)
story, which is why this one is so fun.
It involves a Temu $12 door bell that has a microphone, camera, push button, and connects to your phone via your home network and a server in China. So it has to know your home network password, that it easily reveals, but apparently it looks nice, otherwise why buy it 😉
Anyone on the Internet Can Ring Your Doorbell
“Recently I bought a smart doorbell off Temu, the Chinese marketplace that has been gaining popularity worldwide over the past couple of years. I wanted to know how secure the cheap connected hardware sold on that platform actually is.
…
By the end of a few weekends with one I could:
* silently steal any of these doorbells off its owner’s account
* impersonate the device on a live call, with attacker-chosen video on the owner’s phone
* lift the home WiFi password through a debug port behind a screwdriver
$12 on the front. Whole-network compromise on the back.
The first of those takes a free account on the platform, and redirects every real call from the door to my phone instead of the owner’s. The second takes nothing at all, and invents new calls into the owner’s phone with whatever video I want. The real doorbell stays online either way and never knows. You are basically paying $12 to let anyone on the internet ring your doorbell.”
https://www.abgeo.dev/blog/anyone-can-ring-your-doorbell
So a game of “knock down Ginger”[1] that the whole world can play without having to get the exercise benefit of “running away”…
[1] It’s the name given in England to the annoying thing kids used to do of knocking on your door then legging it, so there is nobody there when you open it. I don’t know what they call it elsewhere but it’s died out in the UK, I guess because nobody is ever home because we’re all at work “slaving to starve”. And the kids are too busy “We-ing” or whatever the new cool name for “doom scrolling” is, after they’ve learnt that a makeup pencil is all that’s needed to get them past the UK Gov’s already,
“Doomed to fail in its stated aim”
Online Safety Act (OSA).
vote 4 summer • May 19, 2026 1:38 PM
https://distrowatch.com/?newsid=12839
The OpenBSD project, which develops a famously security-oriented operating system, has published OpenBSD 7.9. The new version features several improvements to scheduling, LibreSSL 4.3.0, and many fixes for tmux. The project has also introduced new features and fixes for the OpenSSH utilities:
Additional information is provided in the release announcement and in the changelog.
Clive Robinson • May 19, 2026 6:46 PM
@ Bruce, ALL,
AI as dragons tail ruins pizza biz
Whilst many are hyping up AI as a work flow assistant, some are saying it’s a pile of “dragon droppings” at best and doing millions of dollars in damages…
Frustrated franchisee sues Pizza Hut over crappy kitchen AI
The Hut stands accused of breaching its franchise agreement by forcing ‘algorithmic behaviors that slowed production and delivery’ on restaurants, leading to $100M in losses one group wants back
“Chaac Pizza Northeast, a franchisee with around 111 Pizza Hut locations in New York, New Jersey, Maryland, Washington DC, and Pennsylvania, filed a complaint in the Business Court of Texas earlier this month accusing the Hut of breaching its franchise agreement by mandating Chaac adopt restaurant management AI from Dragontail, a provider of AI-powered food delivery software.
What was supposed to be a platform that would unify multiple kitchen systems under one AI-managed umbrella allegedly turned out to be a disaster for Chaac, which claims it was a leader among Pizza Hut franchises on metrics like delivery speed and rack time (i.e., the time between a pizza leaving the oven and leaving the store for delivery) prior to forced Dragontail adoption.“
Let’s be honest “large integration projects” have historically turned into disasters something like 8 times in 10. The reasons are many but often boil down to the fact that those developing the project have not got a clue as to how a business actually operates. Most often because the senior management have no actual clue as to how the business they supposedly run actually works. Thus the project documentation is often near useless.
Worse, some “smarter management” realise that the first third of a project actually does not have any relevant measures, as in effect there is nothing relevant to the business to measure[1]. Thus making it all look good is easy… So they can “jump ship” based on that. If the project is successful then they claim it was due to their skills setting the foundation etc that those behind “just followed”. If, as is more likely, the project hits the rocks then they claim it was the fault of those behind who “failed to follow”…
Either way they win, but by then they’ve probably “jumped ship again” and got further up the ladder.
But also the senior management of the company are very unlikely to admit it was one of those 8 out of 10 projects due to “shareholders”, so it’s in their interest not to say anything whilst desperately trying to salvage something by cutting the project down significantly in scope.
So thinking about that, it’s clear that the 8 out of 10 failure rate will get faked down to 3 out of 10 or less…
Do people actually expect Current AI LLM and ML systems to do any better?
Me I’d expect worse not because I’m not a “technology optimist” it’s just after a life time “looking in/on as an outsider” I’m a “human pessimist” as I’ve seen all sorts of “bad behaviour” and worse treated as “routine” if not completely acceptable…
[1] For those old enough to have been around before “RAD” it was developed as an idea as to how to “prove the initial project documentation” way way earlier in the project life time.
Clive Robinson • May 21, 2026 4:16 PM
@ ALL,
Cisco top with a 10 again…
Just when we thought Cisco could not “dunk again” they did just that…
Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw
Switchzilla says attackers could access sensitive data and make configuration changes across tenant boundaries through vulnerable internal APIs
“Cisco has disclosed yet another perfect 10 vulnerability, this time warning that unauthenticated attackers could gain Site Admin privileges in its Secure Workload platform simply by sending crafted API requests to vulnerable systems.
…
In practical terms, that means attackers don’t require credentials, user interaction, or any significant effort to exploit the bug. Cisco said a successful attack could allow remote attackers to “read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user.”
Cross-tenant bugs tend to make cloud customers especially twitchy because they undermine one of the core assumptions of multi-tenant infrastructure: namely that somebody else’s compromise is not supposed to become your problem.“
Quite a few people are going to be rather more than “twitchy”. So wait and see what various “agencies” have to say on the issue.
Clive Robinson • May 21, 2026 4:36 PM
@ ALL,
Anthropic hide it again
For the second time “that we know of” anthropic have kept a vulnerability hidden from the world.
Is this to do with the pending IPO or a policy? Either way having been caught out it is behaviour that will not engender trust…
Even Claude agrees: hole in its sandbox was real and dangerous
Another day, another AI bug silently fixed with no CVE and no public disclosure
“Two now-patched bypass bugs in Claude Code’s network sandbox put users at risk, and one of these allows baddies to send anything inside the sandbox – credentials, source code, other private data – to any server on the internet, according to a researcher who found and reported both flaws to Anthropic.
Aonan Guan, who leads cloud and AI security at Wyze Labs and has hunted down bugs in pretty much every AI system out there, told The Register that this is the second time in five months Anthropic has silently fixed a sandbox bypass vulnerability in Claude Code without issuing a CVE or security advisory specific to the agentic coding tool.“
Clive Robinson • May 16, 2026 7:16 AM
@ Bruce, ALL,
Is Capture the Flag going Extinct?
I’ve expressed the view that whilst Current AI LLM and ML Systems don’t reason they also don’t find new, so
“They only pattern match old”.
And one implication of this is that those who can find new by reason will not get the opportunity to learn to be “hinky”. That is develop the skills that will enable them to reason out new attacks / defences.
Because ICT industry management would rather buy tokens than employ people, because the view is “shareholder value”, thus management benefit comes from,
1, Low to approaching no technology capable employees.
2, Use as much AI for technical work as can be forced onto the few remaining technology employees as they “age out to termination”.
Thus, rather like what management in the West did starting in the 1960’s and lasting about thirty to forty years of destroying home industry, by “short term view” handing everything over to the peoples of Japan, South Korea, Taiwan, and China for “reduced costs” etc.
Ending up with certain parts of the West now having effectively no home technological capability of worth. The same mentality management are now going to hand home economy skills over to hardware that they can not build, as they don’t have the human skill base any longer…
It does not take long to realise that much of the US Economic Activity thus real GDP is based on non tangible technology companies that currently earn income by “social media, internet advertising and surveillance”. With the smaller manufacturers putting “A chip in every where to rent seek via DMCA 1201”. With of course the chip and more increasingly the software on it being made in the “Far East” (something that C19 showed was a danger as the automotive and similar industries got hit so badly).
Well without “security competent staff” in rather more than just software “finding the new” the West is going to find it can not “defend the old” they are “buying in”.
Yes this sounded like a “Dystopian Existential threat” that some thought made me sound paranoid (again ;). However a look at Spanish History and how the Gold from South America changed its society so devastatingly is something people should note. Likewise what mineral wealth has done to South America. It’s a lesson other European and Middle East nations appear to be aware of, and clear signs are arising of similar thinking in the Smaller Far East Nations.
But more people are not just starting to think about the loss of skills and society, they are actually seeing it first hand,
https://kabir.au/blog/the-ctf-scene-is-dead
As I’ve said before I’m what in Europe we call,
“Conservative with a ‘small c’ and socialist with a ‘small s’”.
That is I can see the strengths and weaknesses in both, and thus know that we need a balanced mix for society as we know it to exist and flourish.
US style neo-con capitalism however sees neither view point as valid, but it does know how to use and abuse such view points. It cares not for long term building but near everything expressed in short term self entitled gain. Of the “Don’t leave money on the floor” mantras as well as “treat community paid for property” as your own to abuse and destroy.
The half truth of,
“You will own nothing and be happy”
Is the last bit because “happy” will have to be bought day by day for your entire existence on what they used to call “the never never” of rent and high interest causing inflation that will rob you of any longterm future.
In short “The drug pusher model of life”…