Researchers Uncover ‘Squidbleed,’ 29-Year-Old Squid Proxy Flaw

June 24, 2026
IANS News

Key Points

  • Researchers uncovered a nearly 30-year-old Squid proxy vulnerability that leaks user data from memory, including credentials and session tokens.
  • Squidbleed, present since 1997, was identified using Anthropic’s Mythos, highlighting how AI can quickly surface long-hidden bugs in widely trusted infrastructure.
  • IANS Faculty warn that AI is making vulnerability discovery faster and more accessible, putting legacy systems at higher risk and forcing organizations to prioritize rapid response.

 

Security researchers at Calif identified an almost 30-year-old vulnerability in Squid, a popular open-source web proxy. The vulnerability impacts Squid’s memory processing, leaking users’ cleartext HTTP requests along with any credentials or session tokens they include.

The flaw, tracked as CVE-2026-47729, was dubbed ‘Squidbleed’ due to its similarities to Heartbleed, a notorious critical OpenSSL vulnerability. Calif researchers said that “Heartbleed’s ancient cousin” has been lurking within Squid since 1997 until it was uncovered with the help of Anthropic’s Mythos.

Given that Squidbleed leaks internal memory from all versions of the Squid proxy in its default configuration, large amounts of user data could be exposed. The proxy inadvertently returns pieces of memory containing data from other users’ requests, including decrypted HTTPS content if TLS is terminated at the proxy.

The researchers stated that Mythos was able to spot the vulnerability very quickly once they directed it to look more deeply at the relevant code, because it had already been extensively trained to recognize these specific patterns.

“Claude Mythos Preview, having trained on the entire C standard reference, treats this quirk as just another fact. When pointed at the right code, it spotted the bug almost immediately,” the report stated.

 

Big Picture

Entire classes of older, long-standing vulnerabilities are now being discovered on an extremely compressed timeline due to AI. Widely trusted systems that were once considered a lower security risk to organizations are now under new scrutiny due to how frontier AI models accelerate vulnerability detection and exploitation timelines.

"The interesting thing about Squidbleed is how it surfaced. That kind of problem has already shown up in other systems using the same Mythos-style workflow. Every old component in your stack is now sitting under a much faster clock." - Jeff Brown, IANS Faculty

"When an AI can read decades of code in an afternoon, the safest-looking part of your stack, the old, boring, nobody-has-touched-it-in-years infrastructure, becomes the richest hunting ground. And it isn't gated behind Mythos. Researchers have shown that small, cheap, open-weight models can find the same classes of bugs. Discovery is now a commodity." - George Gerchow, IANS Faculty

Squidbleed also demonstrates how the security controls meant to protect and inspect traffic can become the biggest sources of exposure. This, coupled with AI-enhanced vulnerability detection, can pose a significant risk for organizations. 

"The device that leaked the data was a proxy, that thing you deployed to inspect and protect traffic. The boring, trusted infrastructure is where the next wave of ancient bug disclosures we just discovered will land." - Jeff Brown, IANS Faculty

Security teams can leverage the same techniques that exposed Squidbleed to find and fix additional critical vulnerabilities before threat actors get there first. Organizations should adopt AI-assisted code review to uncover weaknesses in trusted systems and prepare for a surge in vulnerability disclosures and exploitation attempts.

"Every organization has just inherited a security researcher that never sleeps and works for both sides. Those who put it to work in their own environment first will be the calm ones this summer, while everyone else drowns in findings." - George Gerchow, IANS Faculty

 

IANS Faculty Recommendations

  • Kill FTP on every proxy, not just Squid: Turning off FTP support removes this entire attack surface for free, and Chromium dropped FTP years ago, so you're carrying near-zero legitimate traffic.
  • Treat TLS-terminating proxies as crown jewels: The riskiest setups are the ones where you terminate TLS at the proxy, because they turn normally opaque HTTPS into cleartext at that hop. Inventory exactly where you do that and those instances move to the top of the patch queue.
  • Run a tier-zero fire drill: Assume hundreds of findings in crown-jewel systems and walk it end to end: triage, assign an owner, remediate, close. The gap will be people and process, not tooling.
  • Turn the same AI on yourself: Point models at your most critical code. Put AI-assisted code review on top dependencies before someone else does it for you.
  • Fund a real inventory and SBOM: The payoff will come when the next Squidbleed drops; you can answer "where do we run this, and what version?" in minutes, before your scanners even ship a signature.

 Jeff Brown, IANS Faculty

George Gerchow, IANS Faculty
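
A starting point for the FTP check and the TLS-termination inventory in the recommendations above, as an added example that is not IANS or Squid project code. It assumes FTP is switched off with a `proto FTP` ACL denied in `http_access`, treats `https_port` and `ssl-bump` listeners as TLS-terminating, and uses constructed host names and configs; the rule-order check is a conservative heuristic, not a full ACL evaluator.

```python
# Added example: heuristic squid.conf audit for patch prioritisation.
# Host names, paths and config snippets below are constructed sample data.

def directives(conf_text):
    """Yield the whitespace-split tokens of each non-comment squid.conf line."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line.split()

def audit_squid_conf(conf_text):
    """Report TLS-terminating listeners and whether FTP is denied up front."""
    ftp_acls, tls_ports, ftp_ports = set(), [], []
    ftp_denied = allow_seen = False
    for name, *args in directives(conf_text):
        if name == "acl" and len(args) >= 3 and args[1] == "proto":
            if any(v.upper() == "FTP" for v in args[2:]):
                ftp_acls.add(args[0])          # ACL that matches ftp:// requests
        elif name == "https_port" or (name == "http_port" and "ssl-bump" in args):
            tls_ports.append(" ".join([name, *args]))
        elif name == "ftp_port":               # native FTP listener
            ftp_ports.append(" ".join([name, *args]))
        elif name == "http_access" and args:
            if args[0] == "allow":
                allow_seen = True              # an earlier allow may match FTP first
            elif (args[0] == "deny" and len(args) == 2
                  and args[1] in ftp_acls and not allow_seen):
                ftp_denied = True
    return {"tls_ports": tls_ports, "ftp_ports": ftp_ports,
            "ftp_exposed": bool(ftp_ports) or not ftp_denied}

def patch_queue(fleet):
    """Order hosts: TLS-terminating first, then FTP-exposed, then the rest."""
    res = {host: audit_squid_conf(text) for host, text in fleet.items()}
    return sorted(res, key=lambda h: (not res[h]["tls_ports"],
                                      not res[h]["ftp_exposed"], h))

FLEET = {  # constructed configs, one per hypothetical host
    "edge-bump": "http_port 3128 ssl-bump tls-cert=/etc/squid/ca.pem\n"
                 "acl localnet src 10.0.0.0/8\n"
                 "http_access allow localnet\nhttp_access deny all\n",
    "lab-plain": "http_port 3128\nacl FTP proto FTP  # block the ftp:// scheme\n"
                 "http_access deny FTP\nacl localnet src 10.0.0.0/8\n"
                 "http_access allow localnet\nhttp_access deny all\n",
    "office":    "http_port 3128\nacl FTP proto FTP\nacl localnet src 10.0.0.0/8\n"
                 "http_access allow localnet\nhttp_access deny FTP\n",
}

if __name__ == "__main__":
    print(patch_queue(FLEET))
```

The `office` host is reported as FTP-exposed even though it has a deny rule, because `http_access` rules are evaluated in order and the earlier `allow localnet` can match first.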


Authors & Contributors

Emily Dempsey, Author - Security Reporter, IANS News

Jeff Brown, IANS Faculty

George Gerchow, IANS Faculty

 
