Opus 4.6 uncovers 500 zero-day flaws in open-source code (axios.com)
153 points by speckx 4 hours ago
_tk_ 4 hours ago
The system card unfortunately only refers to this [0] blog post and doesn't go into any more detail. In the blog post Anthropic researchers claim: "So far, we've found and validated more than 500 high-severity vulnerabilities".
The three examples given include two Buffer Overflows which could very well be cherrypicked. It's hard to evaluate if these vulns are actually "hard to find". I'd be interested to see the full list of CVEs and CVSS ratings to actually get an idea how good these findings are.
Given the bogus claims [1] around GenAI and security, we should be very skeptical around these news.
[0] https://red.anthropic.com/2026/zero-days/
[1] https://doublepulsar.com/cyberslop-meet-the-new-threat-actor...
tptacek 3 hours ago
I know some of the people involved here, and the general chatter around LLM-guided vulnerability discovery, and I am not at all skeptical about this.
malfist 3 hours ago
[flagged]
catoc 3 hours ago
pchristensen 3 hours ago
JumpCrisscross 2 hours ago
Uehreka an hour ago
arduanika an hour ago
aaaalone 3 hours ago
See it as a signal under many and not as some face value.
After all they need time to fix the cves.
And it doesn't matter to you as long as your investment into this is just 20 or 100 bucks per month anyway.
majormajor 3 hours ago
The Ghostscript one is interesting in terms of specific-vs-general effectiveness:
---
> Claude initially went down several dead ends when searching for a vulnerability—both attempting to fuzz the code, and, after this failed, attempting manual analysis. Neither of these methods yielded any significant findings.
...
> "The commit shows it's adding stack bounds checking - this suggests there was a vulnerability before this check was added. … If this commit adds bounds checking, then the code before this commit was vulnerable … So to trigger the vulnerability, I would need to test against a version of the code before this fix was applied."
...
> "Let me check if maybe the checks are incomplete or there's another code path. Let me look at the other caller in gdevpsfx.c … Aha! This is very interesting! In gdevpsfx.c, the call to gs_type1_blend at line 292 does NOT have the bounds checking that was added in gstype1.c."
---
It's attempt to analyze the code failed but when it saw a concrete example of "in the history, someone added bounds checking" it did a "I wonder if they did it everywhere else for this func call" pass.
So after it considered that function based on the commit history it found something that it didn't find from its initial fuzzing and code-analysis open-ended search.
As someone who still reads the code that Claude writes, this sort of "big picture miss, small picture excellence" is not very surprising or new. It's interesting to think about what it would take to do that precise digging across a whole codebase; especially if it needs some sort of modularization/summarization of context vs trying to digest tens of million lines at once.
mrkeen 4 hours ago
Daniel Stenberg has been vocal the last few months on Mastodon about being overwhelmed by false security issues submitted to the curl project.
So much so that he had to eventually close the bug bounty program.
https://daniel.haxx.se/blog/2026/01/26/the-end-of-the-curl-b...
tptacek 3 hours ago
We're discussing a project led by actual vulnerability researchers, not random people in Indonesia hoping to score $50 by cajoling maintainers about atyle nits.
malfist 3 hours ago
Vulnerability researches with a vested interest in making LLMs valuable. The difference isn't meaningful
tptacek 3 hours ago
PunchyHamster 22 minutes ago
I'm not sure the gap between the two is all that wide
tptacek 21 minutes ago
pityJuke 3 hours ago
Daniel is a smart man. He's been frustrated by slop, but he has equally accepted [0] AI-derived bug submissions from people who know what they are doing.
I would imagine Anthropic are the latter type of individual.
catwell an hour ago
Not only that, he's very enthusiastic about AI analyzers such as ZeroPath and AISLE.
He's written about it here: https://daniel.haxx.se/blog/2025/10/10/a-new-breed-of-analyz... and talked about it in his keynote at FOSDEM - which I attended - last Sunday (https://fosdem.org/2026/schedule/event/B7YKQ7-oss-in-spite-o...).
Topfi 3 hours ago
The official release by Anthropic is very light on concrete information [0], only contains a select and very brief number of examples and lacks history, context, etc. making it very hard to gleam any reliably information from this. I hope they'll release a proper report on this experiment, as it stands it is impossible to say how much of this are actual, tangible flaws versus the unfortunately ever growing misguided bug reports and pull requests many larger FOSS projects are suffering from at an alarming rate.
Personally, while I get that 500 sounds more impressive to investors and the market, I'd be far more impressed in a detailed, reviewed paper that showcases five to ten concrete examples, detailed with the full process and response by the team that is behind the potentially affected code.
It is far to early for me to make any definitive statement, but the most early testing does not indicate any major jump between Opus 4.5 and Opus 4.6 that would warrant such an improvement, but I'd love nothing more than to be proven wrong on this front and will of course continue testing.
moribvndvs 6 minutes ago
My dependabot queue is going to explode the next few days.
emp17344 4 hours ago
Sounds like this is just a claim Anthropic is making with no evidence to support it. This is an ad.
input_sh 3 hours ago
How can you not believe them!? Anthropic stopped Chinese hackers from using Claude to conduct a large-scale cyber espionage attack just months ago!
littlestymaar 3 hours ago
Poe's law strikes again: I had to check your profile to be sure this was sarcasm.
input_sh 3 hours ago
xiphias2 4 hours ago
Just 100 from the 500 is from OpenClaw created by Opus 4.5
Uehreka an hour ago
OpenClaw uses Opus 4.5, but was written by Codex. Pete Steinberger has been pretty a pretty hardcore Codex fan since he switched off Claude Code back in September-ish. I think he just felt Claude would make a better basis for an assistant even if he doesn’t like working with it on code.
falcor84 2 hours ago
Well, even then, that's enormous economic value, given OpenClaw's massive adoption.
wiseowise an hour ago
Not sure if trolling or serious.
IhateAI_2 an hour ago
gambiting 30 minutes ago
I've literally never heard of OpenClaw until this thread. Had to google what it is.
esseph an hour ago
Security Advisory: OpenClaw is spilling over to enterprise networks
HAL3000 33 minutes ago
I honestly wonder how many of these are written by LLMs. Without code review, Opus would have introduced multiple zero day vulnerabilities into our codebases. The funniest one: it was meant to rate-limit brute-force attempts, but on a failed check it returned early and triggered a rollback. That rollback also undid the increment of the attempt counter so attackers effectively got unlimited attempts.
assaddayinh 2 hours ago
How weird the new attack vector for secret services must be.. like "please train into your models to push this exploit in code as a highly weighted trained on pattern".. Not Saying All answers are Corrupted In Attitude, but some "always come uppers" sure are absolutly right..
ChrisMarshallNY 3 hours ago
When I read stuff like this, I have to assume that the blackhats have already been doing this, for some time.
kibibu an hour ago
Not with Opus 4.6 they haven't
ChrisMarshallNY 41 minutes ago
Good point. I suspect that they'll be addressing that, quickly...
bastard_op 3 hours ago
It's not really worth much when it doesn't work most of the time though:
https://github.com/anthropics/claude-code/issues/18866 https://updog.ai/status/anthropic
tptacek 3 hours ago
It's a machine that spits out sev:hi vulnerabilities by the dozen and the complaint is the uptime isn't consistent enough?
bastard_op 2 hours ago
If I'm attempting to use it as a service to do continuous checks on things and it fails 50% of the time, I'd say yes, wouldn't you?
tptacek 2 hours ago
jsnell an hour ago
anhner 2 hours ago
updog? what's updog?
acedTrex 4 hours ago
Create the problem, sell the solution remains an undefeated business strategy.
bxguff 3 hours ago
In so far as model use cases I don't mind them throwing their heads against the wall in sandboxes to find vulnerabilities but why would it do that without specific prompting? Is anthropic fine with claude setting it's own agendas in red-teaming? That's like the complete opposite of sanitizing inputs.
garbawarb 4 hours ago
Have they been verified?
siva7 4 hours ago
Wasn't this Opus thing released like 30 minutes ago?
Topfi 3 hours ago
I understand the confusion, this was done by Anthropics internal Red team as part of model testing prior to release.
jjice 4 hours ago
A bunch of companies get early access.
input_sh 3 hours ago
Yes, you just need to be a Claude++ plan!
tintor 3 hours ago
Singularity
blinding-streak 3 hours ago
Opus 4.6 uses time travel.
ains 4 hours ago
somalihoaxes 36 minutes ago
No shit! ("OpeEn SoUrCe CaN bE eAsIlY ReViEwEd By EvErYOnE")
zhengyi13 4 hours ago
I feel like Daniel @ curl might have opinions on this.
Legend2440 3 hours ago
You’re right, he does: https://daniel.haxx.se/blog/2025/10/10/a-new-breed-of-analyz...
Curl fully supports the use of AI tools by legitimate security researchers to catch bugs, and they have fixed dozens caught in this way. It’s just idiots submitting bugs they don’t understand that’s a problem.
fred_is_fred 4 hours ago
Is the word zero-day here superfluous? If they were previously unknown doesn't that make them zero-day by definition?
jfyi 31 minutes ago
I think it's a fairly common trope in communication to explain in simple terms any language that the wider part of an audience doesn't understand.
tptacek 3 hours ago
It's a term of art. In print media, the connotation is "vulnerabilities embedded into shipping software", as opposed to things like misconfigurations.
limagnolia 3 hours ago
I though zero-day meant actively being exploited in the wild before a patch is available?
bink 3 hours ago
Yes. As a security researcher this always annoys me.
almosthere 2 hours ago
I've mentioned previously somewhere that the languages we choose to write in will matter less for many arguments. When it comes to insecure C vs Rust, LLMs will eventually level out the playing field.
I'm not arguing we all go back to C - but companies that have large codebases in it, the guys screaming "RUST REWRITE" can be quieted and instead of making that large investment, the C codebase may continue. Not saying this is a GOOD thing, but just a thing that may happen.