Red Hat Security

Future historians will remember spring 2026 as the dawn of AI-driven security vulnerability reporting. On April 7, Anthropic announced a preview of its Claude Mythos AI model, made available to select companies as part of Project Glasswing. The initiative claimed it had discovered thousands of high and critical severity vulnerabilities across the open source ecosystem. Three weeks later, the Xint initiative announced a Linux kernel local privilege escalation vulnerability it named Copy Fail. A few days later, the world woke up to another vulnerability named Dirty Frag, and then another named F

A couple of weeks ago, I wrote about Copy-Fail (CVE-2026-31431) and how Red Hat OpenShift’s defense-in-depth approach prevented container escape despite a vulnerable kernel. I spent time actively trying to break out of an OpenShift container, achieved root inside the pod almost immediately, and still couldn’t escape to the host. The kernel vulnerability was real. The exploit path was real. The defenses still held. While I was wrapping up this article, another related variant, DirtyDecrypt (CVE-2026-31635), started circulating publicly alongside exploit discussion and proof-of-concept cover

As enterprise IT organizations push deeper into operationalizing AI, the conversation has shifted from theoretical capability to hard execution metrics. Whether your team is talking with customers about scaling large language models (LLMs) on restricted local hardware, navigating the real-world performance numbers of distributed inference, or shielding proprietary model weights, the underlying goal remains the same: building a predictable, highly security-focused foundation that returns clear business value. This month’s roundup brings you the critical architecture analyses, benchmark realit

In the era of hyper-distributed systems where AI agents traverse our networks, and hybrid clouds stretch from the edge to the core, the "who" and "what" of infrastructure access are more critical than ever. Managing identities across thousands of nodes is a vital administrative task in optimizing your infrastructure's security posture. To assist with this, Red Hat Identity Management (IdM) can serve as a comprehensive domain controller for your Linux environment. If you're still managing local /etc/passwd files, or struggling with complex cross-realm Kerberos trusts manually, then it's time to

The post-quantum cryptography (PQC) transition is well underway in Red Hat Enterprise Linux (RHEL). In May 2025, RHEL 10 delivered post-quantum key exchange algorithms in three major cryptography libraries (OpenSSL, GnuTLS, and NSS), making post-quantum key exchange usable in TLS 1.3 connections. RHEL 10.1 followed, setting the new key exchange algorithms as default in TLS, and introducing post-quantum signatures for RPM packages.The secure shell (SSH) protocol was not left behind. RHEL 10 shipped with OpenSSH 9.9, supporting two hybrid post-quantum key exchange methods: sntrup761x25519-sha512

In distributed system management, defining the "ideal state" of a server is rarely black and white. Different operational goals often create tension between performance tuning and security hardening, where optimizing for one can inadvertently break the other. To resolve this friction, Red Hat Lightspeed has introduced a new cross-service validation capability between our advisor and compliance services.Red Hat Lightspeed advisor: Recommendations for misconfigurations and best practices to improve stability, performance, and availability.Compliance: Monitors compliance with security baselines t

Have you noticed the recent surge of post-quantum cryptography (PQC) roadmaps and Q-day countdowns? They’re hard to miss. Organizations across the industry are rushing to set PQC deadlines as research increasingly suggests the risk of a cryptographically-relevant quantum computer (CRQC) appearing before the year 2030 is no longer a fringe theory—it’s a real possibility. While the industry makes bets on the exact date the quantum clock will hit zero, Red Hat has taken a different, pragmatic approach by focusing on adoption, integration, and delivery of the tools and software you need so w

In the last few years, large language models (LLMs) have moved from research labs to production systems powering critical business functions. This rapid adoption poses a fundamental challenge for enterprises: How do you deploy AI with confidence when models can behave unpredictably under adversarial conditions? The question keeping IT leaders awake isn't if their AI will fail—it's when, and what will the consequences be?As we've already discovered, traditional software testing approaches fall short when applied to AI. Models don't just have bugs that can be discovered and quickly patched, th

If you ship software in containers, you know the vulnerability treadmill: Scanners surface a flood of CVEs, backlogs swell, and teams chase patch velocity as if it were the core business of the company (as opposed to serving customers and stakeholders). Complicating matters further is when a lengthy scan result fails to answer the key question that matters: Which of these findings would materially change our risk if we fixed them now?Much of that added load and increased pressure is noise. Results contain findings tied to packages that never run, paths that are not reachable, or components tha

Artificial intelligence (AI) workloads are transforming industries from financial services to healthcare. However, the use of AI models introduces risk around protecting models, weights, and data from malicious actors. While the industry has established robust traditional security frameworks to protect data at rest (with disk encryption, such as LUKS) and data in transit (with encrypted communication channels like TLS), a gap remains around data that's in use.When sensitive data, such as patient medical records or proprietary AI model weights are actively loaded into the CPU, GPU, and memory f

A practical look at what happens when kernel bugs meet containers.Author’s note: Refer to this Red Hat Security Bulletin for the most recent information about this CVE. This blog post was originally published on May 4, 2026 and has been updated. Today, I spent some time trying to break out of a Red Hat OpenShift container.No, not because I had to… but because CVE-2026-31431 dropped, and I wanted to see how bad it really is.Short answer: it’s real, it’s exploitable, and your default controls probably aren’t stopping it.Longer answer: defense-in-depth still matters… a lot. And this i

Organizations are shifting fast toward image-based workflows and AI, but you shouldn't have to choose between moving quickly and keeping the lights on. Red Hat Satellite 6.19 bridges that gap. This release focuses on hardening the software supply chain and reducing manual toil so you can stop managing patches and start building. Whether you’re migrating to image mode-based Red Hat Enterprise Linux (RHEL), handling hybrid cloud virtualization on Red Hat OpenShift, or spinning up Model Context Protocol (MCP) servers for AI-assisted debugging, Satellite 6.19 gives you the control you need to ac

Mozilla recently published a fascinating piece titled "The zero-days are numbered," focusing on their collaboration with Anthropic to use AI models to find vulnerabilities in Firefox. The results Mozilla reports are staggering: 22 security-sensitive bugs found in one release cycle, followed by 271 vulnerabilities identified in a subsequent pass. These aren't trivial issues and they weren't theoretical; they were real defects, the kind that elite human researchers spend careers finding. But a machine found them in a fraction of the time.This is one of those moments where the ground shifts under

At Red Hat, our deep focus on security doesn't stop at the code, it extends to how we communicate vulnerability information to our partners and customers. Based on valuable feedback from our partner community, Red Hat Product Security is announcing a major evolution in our security data ecosystem—the complete overhaul of our Common Security Advisory Framework (CSAF) and Vulnerability Exploit eXchange (VEX ) files.Why the change?Security data is only as good as its usability. We are modernizing and transforming our formats to improve clarity and simplify integration for the entire security ec

Extending confidential computing from individual workloads to the entire cluster is a new frontier in cloud-native security.Today, Red Hat is announcing the Developer Preview of confidential clusters for Red Hat OpenShift, a new feature of OpenShift that extends confidential computing to the cluster infrastructure level. Confidential clusters establish hardware-rooted trust across every node in an OpenShift cluster, creating a fully attested, encrypted, and verifiable execution environment from the ground up.This Developer Preview is available today for OpenShift on Microsoft Azure, powered by

Today’s cybersecurity teams need proactive defense mechanisms to meet modern threats as the threat landscape continues to evolve and change. We're excited to announce a significant advancement for our customers: the integration of Red Hat Lightspeed with CrowdStrike, empowering Red Hat Enterprise Linux users with an expanded arsenal against malware threats.A new era of malware signature coverageCustomers who use Red Hat Enterprise Linux, Red Hat Lightspeed, and CrowdStrike can now immediately benefit from the addition of over 2,400 new malware signatures to their defensive arsenal. While the

In our previous 3 articles, we laid the groundwork for a protected Model Context Protocol (MCP) ecosystem by analyzing the current threat landscape, implementing robust authentication and authorization, and exploring critical logging and runtime security measures. These focused on who can access what, and how to monitor those interactions. Now, we'll shift the focus to the physical and virtual environments in which these systems live. Of course, security-focused development is only half the battle. Deploying an MCP server with weak security protections can negate even the most robust code, as

The preview release of Claude Mythos presents a massive challenge for IT security experts, as well as an opportunity (at least for the organizations that can afford it). Mythos represents a new category of frontier model that can not only identify complex memory safety issues and logic flaws hidden in legacy code but also exploit them in increasingly sophisticated ways. This dramatically compounds and expands the outsize role currently played by AI-driven vulnerability scanning both in corporate IT security teams and open source communities. Mythos, however, represents more than a deluge of AI

Model Context Protocol (MCP) servers often execute code or commands as instructed by an AI agent, exposing them to various risks. To help mitigate these risks, you should implement strict runtime security measures to contain what the server can do and to sanitize what it processes.As discussed in our previous blog post, MCP security: Implementing robust authentication and authorization, an important aspect of MCP security is the ability to monitor autonomous agent behaviour and identify potential threats in real-time. By maintaining a detailed audit trail of tool invocations, authentication ev

Security is an important aspect of any digital undertaking, and Kubernetes is no different. We’ve built Red Hat Advanced Cluster Security for Kubernetes to form a foundational layer of security across fleets, estates, and platforms, be it public, private, or hybrid clouds. Today we release Red Hat Advanced Cluster Security for Kubernetes version 4.10 as part of our ongoing effort to make life easier for Red Hat OpenShift users when it comes to building and enforcing security policies for their clusters.Chief among these updates is the new integration of vulnerability management into OpenShif