
Aikido Code Audit

Hacker News · Jun 19, 2026, 11:54 PM

TL;DR: Aikido Code Audit fills the gap between SAST and pentesting by reasoning through your static codebases to surface multi-step, intent-dependent vulnerabilities before they ship.

Last week Anthropic released Claude Fable 5, a public version of their Mythos-class model, which was able to discover and chain zero-day exploits. Fable 5 ships with guardrails that block cybersecurity queries and fall back to a more limited model, so the public version doesn't run those attacks for you. At least that was the idea. But it appears one or more organizations have successfully jailbroken Fable 5, causing Anthropic to withdraw the model under pressure from the US government. The thing is, you can't put the genie back in the bottle. Whether through jailbreaks or open source, attackers will gain access to increasingly capable models.

The direction is set. The skill and time it took to find and chain flaws across an application is collapsing into something an agent does without hours or days of human effort. This is particularly true for logic-based flaws not covered by existing static code analysis engines. These classes of flaws don't follow predictable patterns, so static analysis has nothing to match against.

Article preview — originally published by Hacker News. Full story at the source.