Fwupd 2.0.21 fixes more than 250 security flaws spotted by AI
https://korben.info/en/fwupd-2-0-21-fixes-250-security-flaws-ai.html
Publish Date: 2026-06-25 05:58:00
Source Domain: korben.info
We already knew that AI models could write code – this year we’re increasingly discovering they can also break it at a mind-boggling scale, and the fwupd project just found that out the hard way with version 2.0.21, which single-handedly addresses more than 250 potential security issues detected over the past three months by AI-driven vulnerability scanners.
Behind this wave of patches is Mythos, the model developed by Anthropic – since pulled on orders from US authorities – and trained specifically to comb through code in search of exploitable flaws. The numbers from its program called Project Glasswing are staggering: after scanning more than 1,000 open source projects, Mythos flagged around 23,000 potential vulnerabilities, of which nearly 1,700 have already been confirmed by external security firms and more than 1,000 rated as severe or critical.
Fwupd is one of those projects that went under the microscope. As a reminder, this free software is the component responsible for updating the firmware on your Linux machines (firmware being the small program baked closest to the hardware – in the motherboard or SSD – that runs before the operating system even boots). It powers the LVFS (Linux Vendor Firmware Service), a kind of centralised store where manufacturers submit their updates, and from which millions of Linux PCs pull what they need to stay current without tinkering in the BIOS.
It was Richard Hughes, the Red Hat developer who has led fwupd for years, who did the cleanup. Version 2.0.21 deliberately adds no new features – Hughes simply backported the fixes already merged into the newer 2.1.x branch to the older 2.0.x branch, the one that stable distributions still cling to because they don’t like switching versions in their official repositories, think Debian or enterprise-oriented derivatives. So even servers and workstations stuck on intentionally older software benefit from the cleanup.
To be fair, some perspective is needed. Of those 250 issues, we’re…