#security · Blog · Ayush Sharma

Dark cover with cyan glow and white title text

May 11, 20269 min read

GPT-5.5 Made the Mythos Restriction Obsolete

The AISI benchmark shows GPT-5.5 matches Mythos on offensive cyber tasks. The case for model-specific restriction got much harder to make.

#ai #security #essay #claude

Dark cover with amber glow and white title text

May 11, 20269 min read

Project Glasswing and the Open-Weights Problem

Anthropic locked Claude Mythos behind a $100M vetted-access program. Meanwhile, DeepSeek V4 is on Hugging Face for anyone to download. The policy and the threat model point in different directions.

#ai #security #essay

Dark cover with violet purple glow and white title text

May 8, 20269 min read

A Single git push Was All It Took: CVE-2026-3854

Any authenticated user with push access to any repo on your GitHub Enterprise Server could RCE the server with one crafted push option. Here's exactly how.

#security #git #vulnerability #github

Dark cover with orange glow and Copy Fail post title

May 5, 20269 min read

Copy Fail: Nine Years in the Kernel, Zero Traces on Disk

CVE-2026-31431 lets any local user gain root with 732 bytes of Python. The on-disk file never changes. That's not a detail. That's the whole lesson.

#security #vulnerability #linux #essay

Dark cover with a glowing red accent and the post title

May 2, 20268 min read

GitHub Got Owned by a Semicolon

CVE-2026-3854 let any authenticated user pop GitHub's backend with a single git push. The bug class is older than I am. So why does it keep working?

#security #vulnerability #github #essay

May 11, 20269 min read

GPT-5.5 Made the Mythos Restriction Obsolete

The AISI benchmark shows GPT-5.5 matches Mythos on offensive cyber tasks. The case for model-specific restriction got much harder to make.

#ai #security #essay #claude

May 11, 20269 min read

Project Glasswing and the Open-Weights Problem

Anthropic locked Claude Mythos behind a $100M vetted-access program. Meanwhile, DeepSeek V4 is on Hugging Face for anyone to download. The policy and the threat model point in different directions.

#ai #security #essay

May 8, 20269 min read

A Single git push Was All It Took: CVE-2026-3854

Any authenticated user with push access to any repo on your GitHub Enterprise Server could RCE the server with one crafted push option. Here's exactly how.

#security #git #vulnerability #github

May 5, 20269 min read

Copy Fail: Nine Years in the Kernel, Zero Traces on Disk

CVE-2026-31431 lets any local user gain root with 732 bytes of Python. The on-disk file never changes. That's not a detail. That's the whole lesson.

#security #vulnerability #linux #essay

May 2, 20268 min read

GitHub Got Owned by a Semicolon

CVE-2026-3854 let any authenticated user pop GitHub's backend with a single git push. The bug class is older than I am. So why does it keep working?

#security #vulnerability #github #essay