Using AI to identify vulnerabilities and bugs

Mozilla released that they used Anthropic Mythos to identify over 250 bugs/vulnerabilities.

Given that all our passwords are stored in Bitwarden, it would be nice if Bitwarden used AI (such as Mythos) to identify bugs and vulnerabilities. As AI becomes more powerful, individuals and foreign nation-state actors will utilize AI to try to get into vaults.

If Bitwarden isn’t the first to use it to identify vulnerabilities, its competition will be. Would be nice for Bitwarden to be at the forefront of this.

This entry shows up quite often when looking at Bitwarden’s GitHub. Checkmarx One describes itself as “AI-powered Application Security Testing Platform”. So, it appears as if Bitwarden is thinking along the same lines as you.

Unfortunately, the name “Checkmarx” is also showing up prominently in the recent supply chain incident to which Bitwarden fell victim, which may end up playing right into the hands of the AI-naysayers.

Real vulnerabilities in coding, workflow, deployment, etc., need to be fixed, even if (or especially if) they’re identified by AIs. It’s the people who have to deal with AIs’ not-so-real, not-so-important but endless reports of vulnerabilities who need to be pitied.