The system card unfortunately only refers to this [0] blog post and doesn't go into any more detail. In the blog post Anthropic researchers claim: "So far, we've found and validated more than 500 high-severity vulnerabilities".

The three examples given include two Buffer Overflows which could very well be cherrypicked. It's hard to evaluate if these vulns are actually "hard to find". I'd be interested to see the full list of CVEs and CVSS ratings to actually get an idea how good these findings are.

Given the bogus claims [1] around GenAI and security, we should be very skeptical around these news.

[0] https://red.anthropic.com/2026/zero-days/

[1] https://doublepulsar.com/cyberslop-meet-the-new-threat-actor...

Show 7 replies

Daniel Stenberg has been vocal the last few months on Mastodon about being overwhelmed by false security issues submitted to the curl project.

So much so that he had to eventually close the bug bounty program.

https://daniel.haxx.se/blog/2026/01/26/the-end-of-the-curl-b...

Show 3 replies

The official release by Anthropic is very light on concrete information [0], only contains a select and very brief number of examples and lacks history, context, etc. making it very hard to gleam any reliably information from this. I hope they'll release a proper report on this experiment, as it stands it is impossible to say how much of this are actual, tangible flaws versus the unfortunately ever growing misguided bug reports and pull requests many larger FOSS projects are suffering from at an alarming rate.

Personally, while I get that 500 sounds more impressive to investors and the market, I'd be far more impressed in a detailed, reviewed paper that showcases five to ten concrete examples, detailed with the full process and response by the team that is behind the potentially affected code.

It is far to early for me to make any definitive statement, but the most early testing does not indicate any major jump between Opus 4.5 and Opus 4.6 that would warrant such an improvement, but I'd love nothing more than to be proven wrong on this front and will of course continue testing.

[0] https://red.anthropic.com/2026/zero-days/

Sounds like this is just a claim Anthropic is making with no evidence to support it. This is an ad. Show 1 reply

Just 100 from the 500 is from OpenClaw created by Opus 4.5 Show 2 replies

All of the AI vulnerabilities I've randomly come across (admittedly, not many) on GH issues have been false positives - hard coded credentials, that aren't credentials. Injection vulns, where further upstream the code is entirely self contained etc. Show 1 reply

Nicholas Carlini, one of the listed authors on this post, wrote a big chunk of Microcorruption and most of the interesting levels.

Create the problem, sell the solution remains an undefeated business strategy.

How weird the new attack vector for secret services must be.. like "please train into your models to push this exploit in code as a highly weighted trained on pattern".. Not Saying All answers are Corrupted In Attitude, but some "always come uppers" sure are absolutly right..

Cox Enterprises owns Axios as well as Cox Automotive. Cox Automotive has a tight collaboration with Anthropic.

This is a placed advertisement. If known security researchers participated in the claim:

Many people have burned their credibility for the AI mammon.

Show 1 reply

I honestly wonder how many of these are written by LLMs. Without code review, Opus would have introduced multiple zero day vulnerabilities into our codebases. The funniest one: it was meant to rate-limit brute-force attempts, but on a failed check it returned early and triggered a rollback. That rollback also undid the increment of the attempt counter so attackers effectively got unlimited attempts.

When I read stuff like this, I have to assume that the blackhats have already been doing this, for some time. Show 1 reply

It's not really worth much when it doesn't work most of the time though:

https://github.com/anthropics/claude-code/issues/18866 https://updog.ai/status/anthropic

Show 2 replies

In so far as model use cases I don't mind them throwing their heads against the wall in sandboxes to find vulnerabilities but why would it do that without specific prompting? Is anthropic fine with claude setting it's own agendas in red-teaming? That's like the complete opposite of sanitizing inputs.

Have they been verified?

Wasn't this Opus thing released like 30 minutes ago? Show 4 replies

https://archive.is/N6In9

Well, I guess I know what I'm doing for the first hour when 4.7 comes out.

Did they submit 500 patches?

How can an LLM uncover 500 zero day flaws in open source? It puts them there in the first place.

My dependabot queue is going to explode the next few days.

I feel like Daniel @ curl might have opinions on this. Show 1 reply

Earlier source: https://red.anthropic.com/2026/zero-days/ (https://news.ycombinator.com/item?id=46902374)

Is the word zero-day here superfluous? If they were previously unknown doesn't that make them zero-day by definition? Show 4 replies

I've mentioned previously somewhere that the languages we choose to write in will matter less for many arguments. When it comes to insecure C vs Rust, LLMs will eventually level out the playing field.

I'm not arguing we all go back to C - but companies that have large codebases in it, the guys screaming "RUST REWRITE" can be quieted and instead of making that large investment, the C codebase may continue. Not saying this is a GOOD thing, but just a thing that may happen.

I'm disappointed to see this article pine on about how excited they are for their models to help open-source projects find and fix their vulnerabilities, only to then say they're implementing measures to prevent it, just because attackers might use it.

At that point the article becomes "neener neener we can use our model to find vulnerabilities but you can't" which is just frustrating. Nothing's changed, then.

(Also, in a theoretical case, I wouldn't reasonably be able to use their model to find my own vulnerabilities before an attacker does, because they're far more invested and motivated to bypass those censors than I would be.)