Vibe Coding
Anthropic Red Team: Claude Opus 4.6 Autonomously Discovers 500+ High-Severity Zero-Day Vulnerabilities in Open Source Software
Nicolas Carlini's team at Anthropic published results from Claude Opus 4.6 operating autonomously in sandboxed VMs with debuggers and fuzzers — no custom scaffolding — finding over 500 high-severity vulnerabilities across open-source projects including GhostScript (incomplete bounds checking in font handling), OpenSC (buffer overflow via strcat in filename handling), and CGIF (LZW compression buffer overrun). Carlini publicly stated Claude is now a better security researcher than he is. A Linux kernel vulnerability from 2003 that went undetected for 20+ years was among the discoveries.
↳ Follow the thread