Takahiro Haruyama

I’ve tried a few plugins that use LLMs to clean up Hex-Rays pseudocode, but none of them really fit my workflow, so I started building my own. My main focus is Windows kernel driver analysis, so this one is tuned for that use case. Left: raw Hex-Rays output Right: output from my plugin Current features: - Uses a WDK-header-based kernel API profile for functions, enums, structs, and macros - Reconstructs common kernel patterns like LIST_ENTRY traversal, CONTAINING_RECORD, critical regions, and pool alloc/free - Converts numeric literals into symbolic names for NTSTATUS, pool flags, pool tags, etc. - Simplifies noisy Hex-Rays casts and pointer arithmetic into struct fields and kernel macros - Renames cleanup, failfast, and error labels into meaningful control-flow targets - Combines deterministic rules with LLM assistance instead of relying only on the model If there’s interest, I’ll share more soon.

Last week, Anthropic announced Project Glasswing alongside Claude Mythos Preview, a model they described as so powerful at finding vulnerabilities they couldn't release it. The announcement featured AWS, Microsoft, Google, and Apple as partners, $100M in compute credits, and a clear message: this is dangerous, and only we can be trusted to deploy it safely. The results were real. Thousands of zero-days across every major OS and browser. A 27-year-old bug in OpenBSD. A 16-year-old bug in FFmpeg. Fully autonomous exploit chains that would have taken human researchers weeks. But here's what bothered me: all the credit went to the model. Read the technical blog carefully and a different picture emerges. The real innovation isn't the model. It's the workflow: - Rank every file in a codebase by attack surface - Fan out hundreds of parallel agents, each scoped to one file - Use crash oracles (AddressSanitizer, UBSan) as ground truth - Run a second verification agent to filter noise - Generate exploits as a triage mechanism for severity That's a pipeline. And pipelines are model-agnostic. At Lazarus AI, we spend our days deploying custom AI in places where "just use the closed API" isn't an option: regulated industries, enterprise, and government. When I saw Glasswing, my instinct was the same one I have every week: strip out the proprietary model, keep the architecture, run it on whatever model is best for the customer. Clearwing is a fully open-source vulnerability discovery engine. Crash-first hunting, file-parallel agents, oracle-driven verification, variant hunting, adversarial verification. Works with any LLM. I tested it with OpenAI Codex 5.4 and reproduced Glasswing's findings. I'm now reproducing results with our own ReAligned model - Qwen3.5 finetuned to Western alignment. Mythos is certainly a great model. The N-day exploit walkthroughs in Anthropic's blog show real reasoning depth. But it's an incremental improvement over Opus, the same way Opus was over Sonnet, and Sonnet over Haiku. It's not a leap to superintelligence. It's the next point on a curve we've been watching for years. What actually changed the game was the workflow. Defenders shouldn't have to wait for access to a gated model to secure their software. These vulnerabilities have been sitting in codebases for decades. The tools to find them should be available to everyone: the open source maintainer running FFmpeg on a Saturday, the startup that can't afford $125/M output tokens, the researcher in a country where Anthropic doesn't operate. Clearwing is MIT licensed and available now. https://t.co/E0WP5njZQJ Clearwing enables a wide variety of security activities. Handle with care. It is sharp.

GOOGLE BUILT A SECRET WEAPON FOR FILE DETECTION they ran it internally for years, gmail, drive, safe browsing, hundreds of billions of files every week then they open sourced it it's called magika and it exposes what files really are, not what they pretend to be rename malware to "resume.pdf"? magika sees through it disguise a script as an image? magika sees through it any trick attackers use with file extensions? magika sees through all of it ai trained on 100 million files. 200+ content types. 99% accuracy. 5ms per file one command `pip install magika` the same tool protecting google's billion users is now protecting yours https://t.co/Jr3LjmQobq