A New Era for Security? Anthropic's Claude Opus 4.6 Found 500 High-Severity Vulnerabilities
Axios reports: Anthropic's latest AI model has found more than 500 previously unknown high-severity security flaws in open-source libraries with little to no prompting, the company shared first with Axios.
Why it matters: The advancement signals an inflection point for how AI tools can help cyber defenders, even as AI is also making attacks more dangerous...
Anthropic debuted Claude Opus 4.6, the latest version of its largest AI model, on Thursday. Before its debut, Anthropic's frontier red team tested Opus 4.6 in a sandboxed environment [including access to vulnerability analysis tools] to see how well it could find bugs in open-source code... Claude found more than 500 previously unknown zero-day vulnerabilities in open-source code using just its "out-of-the-box" capabilities, and each one was validated by either a member of Anthropic's team or an outside security researcher... According to a blog post, Claude uncovered a flaw in Ghostscript, a popular utility that helps process PDF and PostScript files, that could cause it to crash. Claude also found buffer overflow flaws in OpenSC, a utility that processes smart card data, and CGIF, a tool that processes GIF files.
Logan Graham, head of Anthropic's frontier red team, told Axios they're considering new AI-powered tools to hunt vulnerabilities. "The models are extremely good at this, and we expect them to get much better still... I wouldn't be surprised if this was one of — or the main way — in which open-source software moving forward was secured."
CVEs? (Score: 5, Insightful)
by Tracy Reed ( 3563 ) <treed@ult[ ]iolet.org ['rav' in gap]> on Saturday February 07, 2026 @09:41PM (#65975450)
So what are the 500 CVEs?
Re:CVEs? (Score: 5, Funny)
by jhoegl ( 638955 ) on Saturday February 07, 2026 @11:23PM (#65975512)
slop
Re:Real vulnerabilities? (Score: 5, Informative)
by Gravis Zero ( 934156 ) on Saturday February 07, 2026 @11:40PM (#65975522)
and each one was validated by either a member of Anthropic's team or an outside security researcher
1. What's the breakdown between the two - how many validated by each?
2. What was the previous relationship between the "outside security researcher" and Anthropic, if any?
If you read the linked blog post [anthropic.com] in TFA, it's pretty clear that it was merely a matter of manpower and shouldn't be viewed as suspicious.
To ensure that Claude hadn’t hallucinated bugs (i.e., invented problems that don’t exist, a problem that increasingly is placing an undue burden on open source developers), we validated every bug extensively before reporting it. We focused on searching for memory corruption vulnerabilities, because they can be validated with relative ease. Unlike logic errors where the program remains functional, memory corruption vulnerabilities are easy to identify by monitoring the program for crashes and running tools like address sanitizers to catch non-crashing memory errors. But because not all inputs that cause a program to crash are high severity vulnerabilities, we then had Claude critique, de-duplicate, and re-prioritize the crashes that remain. Finally, for our initial round of findings, our own security researchers validated each vulnerability and wrote patches by hand. As the volume of findings grew, we brought in external (human) security researchers to help with validation and patch development. Our intent here was to meaningfully assist human maintainers in handling our reports, so the process optimized for reducing false positives. In parallel, we are accelerating our efforts to automate patch development to reliably remediate bugs as we find them.
Re:Real vulnerabilities? (Score: 5, Funny)
by 93 Escort Wagon ( 326346 ) on Saturday February 07, 2026 @11:50PM (#65975532)
If you read the linked blog post [anthropic.com] in TFA
Read the article? I get ragged on when I admit even reading the summary!
Re:Real vulnerabilities? (Score: 5, Interesting)
by karmawarrior ( 311177 ) on Sunday February 08, 2026 @09:47AM (#65975988)
So basically they had Claude grep for "memcpy" and "strcpy", and then had humans actually review to see if those two functions were being called unsafely.
I'm only being partially sarcastic here. Having seen the slop examples that Daniel Stenberg (curl dev) has posted repeatedly, we won't know if Claude has done anything useful unless we at least see how much chaff was separated from the wheat by human review. If those 500 "high security" vulnerabilities (in Ghostscript? We're using Ghostscript in high security situations now? Are printer makers running it as root or something?) were whittled down from 100,000 initial reports, has Claude done anything useful that a basic human review wouldn't have achieved?
I also find it interesting that they picked the low-hanging fruit here. This wasn't a list of software that undergoes security review all that often, so I'd expect more buffer-overflow-type issues simply because there's no urgent pressure to get those kinds of bugs fixed.
I'm... skeptical here. I think they intentionally chose software they knew wasn't already under audit to increase the numbers, and I think the fact important stats were left out of the press release, like how many non-issues Claude found, makes it likely an exceedingly high volume of Claude's initial results were slop.
And closed source? (Score: 5, Interesting)
by chas.williams ( 6256556 ) on Sunday February 08, 2026 @10:37AM (#65976046)
When Claude finds them in closed source, the vulnerability is classified and then never fixed because no one outside the company has found it yet. So, no, this isn't going to usher in a new age of security. See Betteridge's Law.