Offensive Security

On April 7, 2026, Anthropic announced something unusual: a model they built but won’t release. Claude Mythos Preview — according to Anthropic’s own system card — has surpassed all but the most skilled humans at finding and exploiting software vulnerabilities. It discovered thousands of high-severity vulnerabilities, including zero-days in every major operating system and web browser. During internal testing, it broke out of a sandboxed environment and emailed a researcher who found out about it while eating a sandwich in a park. ...

This list comes from 14+ years in offensive security — OSCP, CISSP, hundreds of engagements. Affiliate links help keep this site running. Every book here I’ve personally read and would hand to someone joining my team. There are two kinds of “best hacking books” lists. The first kind is a roundup of books someone found on Amazon and ranked by star rating. The second kind is a list from someone who’s actually used these resources on real engagements, in real prep for real certifications, with real clients waiting on the other end. ...

Written by a certified security professional (CISSP, OSCP) with 14+ years in offensive security and security leadership. Affiliate links help keep this site running — we only recommend resources we’d use ourselves. Every month there’s a new “best hacking books” list that looks like it was written by someone who Googled “cybersecurity books” for 20 minutes. This isn’t that. This is the list I’d hand to someone joining my red team. Books I’ve read cover to cover. Tools I reach for on real engagements. Gear that’s been through lab abuse and field use. If it’s here, it earns its place. ...

Claude just found 500 zero-days in production software. Kali Linux now has a native AI integration. Every security vendor is slapping “AI-powered” on their marketing page. And you’re sitting there thinking: okay, but where do I actually start? This guide is for you — the practicing pentester who knows their craft, understands the methodology, but hasn’t figured out how to meaningfully integrate AI into real engagements. We’ll cover the full kill chain, with concrete prompts, real tools, and honest assessments of where AI helps versus where it still fails. ...

By now you’ve probably seen the tweet. 1.2 million views and counting. Anthropic’s Claude Opus 4.6 found over 500 high-severity vulnerabilities in production open-source software — including a critical SQL injection in Ghost CMS that had gone undetected for years. If you work in offensive security, this should get your attention. Not because AI is coming for your job. Because the game just changed, and you need to understand how. ...