What's New in Aspire 13.3.2

Patch release for Aspire 13.3 with a fix for container tunnel startup when tunnel-dependent containers use WaitFor().

🐛 Fixes

• 🚇 Fix WaitFor() for tunnel-dependent containers — The container tunnel implementation that shipped in Aspire 13.3 deadlocked at startup when tunnel-using containers waited on other resources, because resource waits blocked ResourceStarting before the tunnel initialization could complete. Container and tunnel startup have been refactored to cooperate correctly, and additional tunnel-dependent containers can now be started at any point during the application lifecycle. Also improves error reporting for container tunnel failures. (#16988, backported via #16993)

🏷️ Housekeeping

• 🚀 Bumped branding to 13.3.2 (#17053)

Learn how Aspire deployment works: targets add pipeline steps, commands enter the pipeline, and compute environments, parameters, and environments shape each run.

When I need to pick up the client IP Address in ASP.NET Core I always forget where to find the connection information.

It's also useful to remember that if requests are proxied we need to return the forwarded IP address, rather than the proxy's IP Address.

Good ready to use a small helper extension method for the HttpRequest class that makes this more easily accessible:

/// <summary>
/// Returns the client IP Address for a request.
///
/// Checks proxy forwarding first, then the actual ip
/// and returns null if not available.
/// </summary>
/// <param name="context">HttpRequest instance</param>
/// <returns>
/// IP Address or null if not available. Note local IP
/// tends to get returned as IPv6 `::1` value.
/// </returns>
public static string GetClientIpAddress(this HttpRequest request)
{
    if (request == null) return null;

    return request.Headers["X-Forwarded-For"].FirstOrDefault() ??
           request.HttpContext?.Connection?.RemoteIpAddress?.ToString() ??
           null;
}

You can also find this as part of the HttpRequestExtensions class in the Westwind.AspNetCore package here which provides a host of other small, but frequently used extensions.

Summary

Nothing new here, but given how often I fumble for this value, creating this wrapper and putting a reminder here for quick lookup seems worth the effort 😄

Resources

• Westwind.AspNetCore on Github

Mythos has been MDASH’d.

A new AI-powered system from Microsoft surpassed a headline-grabbing rival from Anthropic on a leading cybersecurity benchmark, using more than 100 specialized AI agents working together across multiple AI models to find real-world software vulnerabilities.

Microsoft’s system, codenamed MDASH, was introduced this week alongside the disclosure of 16 new vulnerabilities it found in different versions of Windows, including four “critical” remote code execution flaws fixed in this month’s Patch Tuesday release. 

The company, which has faced persistent criticism over security lapses, is betting that multiple models can discover vulnerabilities at a pace that individual models can’t match. 

MDASH, derived from the term “multi-model agentic scanning harness,” works by running specialized AI agents through a staged pipeline. Different agents scan code for potential vulnerabilities, then a separate set of agents debate whether each finding is real and exploitable, and a final stage constructs proof-of-concept attacks to confirm the bugs exist.

By comparison, Anthropic’s Mythos, which raised concerns over its ability to find and exploit software vulnerabilities when it was previewed earlier this year, is a single AI model running inside an agent framework. Anthropic restricted its release to a handful of companies through a consortium called Project Glasswing, which includes Microsoft.

OpenAI’s GPT-5.5 and others on the leaderboard are also single-model systems.

MDASH scored 88.45% on the CyberGym benchmark, a test developed by UC Berkeley researchers that measures how well AI systems can reproduce real-world vulnerabilities across 1,507 tasks drawn from 188 open-source software projects. 

Mythos Preview was second at 83.1%, followed by GPT-5.5 at 81.8%. 

The benchmark gives each system a description of a known vulnerability and an unpatched codebase, and measures whether it can produce a working attack that triggers the bug. 

The scores on the CyberGym leaderboard are self-reported by the companies, including Anthropic’s Mythos result. The benchmark code is public, but no independent party has verified any of the scores. Also, benchmark results don’t necessarily reflect real-world performance.

The results also highlight growing concerns about AI’s use as an offensive hacking tool. The same capabilities that allow AI to find vulnerabilities in friendly hands can be used to discover them for exploitation by attackers. Microsoft said MDASH is being used internally by its security engineering teams and will be entering a limited private preview with customers. 

Microsoft is telling customers to expect bigger Patch Tuesdays going forward as AI accelerates the discovery of vulnerabilities.

Microsoft Edge is adding a new feature that will allow its Copilot AI chatbot to gather information from all of your open tabs. When you start a conversation with Copilot, you can ask the chatbot questions about what's in your tabs, compare the products you're looking at, summarize your open articles, and more.

In its announcement, Microsoft says you can "select which experiences you want or leave off the ones you don't." The company is retiring Copilot Mode as well, which could similarly draw information from your tabs but offered some agentic features, like the ability to book a reservation on your behalf. Microsoft has since folded these …

Read the full story at The Verge.

Notion’s new developer platform lets teams connect AI agents, external data sources, and custom code directly into their workspace as the company pushes deeper into agentic productivity software.