
"Anthropic only released its latest large language model, Claude Opus 4.6, on Thursday, but it has already been using it behind the scenes to identify zero-day vulnerabilities in open-source software. In the trial, it put Claude inside a virtual machine with access to the latest versions of open source projects, and provided it with a range of standard utilities and vulnerability analysis tools, but no instructions on how to use them nor how specifically to identify vulnerabilities."
"Despite this lack of guidance, Opus 4.6 managed to identify a 500 high-severity vulnerabilities. Anthropic staff are validating the findings before reporting the bugs to their developers to ensure the LLM was not hallucinating or reporting false positives, according to company blog post."
Claude Opus 4.6 was placed inside a virtual machine with access to the latest versions of open-source projects and a suite of standard utilities and vulnerability analysis tools. The model received no instructions on how to use those tools or how to identify vulnerabilities. Despite the absence of guidance, Opus 4.6 identified 500 high-severity zero-day vulnerabilities across the scanned projects. Anthropic staff are validating the model’s findings to filter out hallucinations and false positives before reporting confirmed bugs to the respective developers. The exercise demonstrates autonomous vulnerability discovery capabilities when given code and analysis tools.
Read at InfoWorld