An AI just found a security hole that hid in common software for almost 30 years. Every human who audited that code missed it. The machine flagged it almost immediately.
An AI just found a security hole that hid in common software for almost 30 years. Every human who audited that code missed it. The machine flagged it almost immediately.
Not sure how I feel about this one.
Researchers disclosed a bug called Squidbleed last month, tracked as CVE-2026-47729. It lives in Squid, a web proxy that has been running quietly on networks since the 1990s. The flaw let one user pull another user’s cleartext requests, passwords and session tokens included. It traces back to a code change made in 1997 and sat there, unpatched, for close to three decades.
Here is the part I cannot stop thinking about. The researchers credit Anthropic’s Claude Mythos with spotting the flawed logic almost at once. Decades of skilled people read that code. A model read it once and caught the quirk.
So what does that mean for the rest of us running software we inherited and never really looked at? I really don’t know. Part of me feels this is just the beginning of better data and better systems because we finally have a tool that can go find the old-problems buried in systems before someone else does. Another part of me feels it is a warning, because attackers have the same tool.
For an industry like chemical distribution, where the ERP and the order system have often been running untouched for 15 years, I think this is worth a real conversation and not a shrug.
If you have old software holding up your operation, would you point an AI at it to look for holes, or does that idea make you more nervous than you already were? I genuinely go back and forth.