From Eric Hartford at Lazarus-AI [1]: "Clearwing is a fully open-source vulnerability discovery engine. Crash-first hunting, file-parallel agents, oracle-driven verification, variant hunting, adversarial verification. Works with any LLM."
"I tested it with OpenAI Codex 5.4 and reproduced Glasswing's findings. I'm now reproducing results with our own ReAligned model - Qwen3.5 finetuned to Western alignment."
"Mythos is certainly a great model. The N-day exploit walkthroughs in Anthropic's blog show real reasoning depth. But it's an incremental improvement..." "The real innovation isn't the model. It's the workflow:
- Rank every file in a codebase by attack surface
- Fan out hundreds of parallel agents, each scoped to one file
- Use crash oracles (AddressSanitizer, UBSan) as ground truth
- Run a second verification agent to filter noise
- Generate exploits as a triage mechanism for severity
That's a pipeline. And pipelines are model-agnostic."
Disclaimer: I'm not affiliated with Eric/Lazarus in any way.
ninjagoo•1h ago
[1] https://x.com/QuixiAI/status/2044952124568527298
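The "crash oracles as ground truth" step from the quoted workflow, sketched as an added example (not Clearwing's code and not from the quoted post): a candidate finding is kept only if its reproducer's stderr contains an AddressSanitizer or UBSan report, and candidates that hit the same crash site are collapsed into one. The function names, the `/src/` project root and the abridged log lines are assumptions constructed for illustration.

```python
import re
from collections import namedtuple

Report = namedtuple("Report", "tool kind file line")

# "==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address ..."
ASAN_HEAD = re.compile(r"^==\d+==ERROR: AddressSanitizer: ([\w-]+)", re.M)
# Symbolized frame: "    #1 0x4f0b2b in parse_header /src/parser.c:42:13"
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in \S+ ([^\s:]+):(\d+)", re.M)
# "/src/len.c:17:9: runtime error: signed integer overflow: ..."
UBSAN = re.compile(r"^([^\s:]+):(\d+):\d+: runtime error: ([^:\n]+)", re.M)

def parse_report(stderr, root="/src/"):
    """Return a Report if a sanitizer fired in this run's stderr, else None."""
    m = ASAN_HEAD.search(stderr)
    if m:
        # Attribute the crash to the first frame inside the project tree,
        # skipping sanitizer runtime and libc interceptor frames.
        for path, line in FRAME.findall(stderr[m.end():]):
            if path.startswith(root):
                return Report("asan", m.group(1), path, int(line))
        return Report("asan", m.group(1), None, None)
    m = UBSAN.search(stderr)
    if m:
        return Report("ubsan", m.group(3).strip(), m.group(1), int(m.group(2)))
    return None

def verify(runs, root="/src/"):
    """runs: {candidate_id: reproducer stderr}. Keep one finding per crash site."""
    confirmed, dropped, first = [], {}, {}
    for cid, stderr in runs.items():
        rep = parse_report(stderr, root)
        if rep is None:
            dropped[cid] = "no sanitizer report"   # agent claim without oracle signal
        elif rep in first:
            dropped[cid] = "duplicate of " + first[rep]
        else:
            first[rep] = cid
            confirmed.append((cid, rep))
    return confirmed, dropped

ASAN_LOG = """==%d==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000014 at pc 0x4f0b2c
READ of size 4 at 0x602000000014 thread T0
    #0 0x7f0000012345 in __interceptor_memcpy (/lib/libasan.so.5+0x3a5c2)
    #1 0x4f0b2b in parse_header /src/parser.c:42:13
"""
RUNS = {  # constructed sample stderr, one entry per candidate finding
    "a1": ASAN_LOG % 4242,
    "a2": ASAN_LOG % 5151,  # same crash site reached by a second agent
    "a3": "/src/len.c:17:9: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'\n",
    "a4": "parser: invalid header\n",  # claimed bug, but the oracle stayed silent
}
```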