Apr 12, 2026 Ilya Kabanov

5 stories this week that change your decisions (Apr 6-12, 2026)

UC Santa Barbara researchers built an orchestrated pipeline around symbolic execution and an LLM that produced 379 zero-days and outperformed an unconstrained Claude Code agent by 30x. I also pulled the CVE histories of 17 agent platforms and found OpenClaw sitting on 238 vulnerabilities, LangChain on 51, and PraisonAI with a CVSS 10.0 sandbox bypass among 10 first-look findings. And Anthropic previewed Claude Mythos alongside Project Glasswing, with a roadmap that says the CVE flood begins in July.

1. 379 zero-days from an orchestrated pipeline that beat unconstrained Claude Code by 30x

An orchestrated pipeline beat an unconstrained LLM agent 30x on vulnerability discovery. The real story is how these methods can supercharge SOTA models like Mythos for better targeting, validation, and cost-gating.

2. What 384 Agent Platform CVEs Reveal

I pulled the CVE history for 17 agent platforms. OpenClaw, the fastest-growing open-source project on GitHub (348K stars in 4 months), has 238 CVEs. LangChain: 51 over 3 years, 23 critical. n8n: 53, CISA KEV listed. PraisonAI: 10 CVEs on first look, 5 critical, including a CVSS 10.0 sandbox bypass. Only four platforms have zero CVEs, and all four come from Anthropic, Google, OpenAI, or Microsoft.

3. The 12-Month Countdown: What Anthropic's Mythos Preview Means for Everyone Else

Seven things that change in cybersecurity by April 2027. The CVE flood starts in July.

4. Your AI pentester is hallucinating: 8 of 13 frameworks fabricated their own success

One framework hallucinated on 9 of 22 challenges. Vanilla Claude Code with a minimal prompt outperformed most purpose-built tools.

5. Anthropic tells NIST that agent security needs a shared responsibility model

Six NIST standards each assume harm comes from an attacker or deliberate misuse. Anthropic's proposed fix splits accountability across four layers.

Sources: