Anthropic's Claude Opus 4.6 uncovers 500 zero-day flaws in open-source code
68 points | 1 hour ago | 13 comments | axios.com
_tk_
49 minutes ago
The system card unfortunately refers only to this blog post [0] and doesn't go into any more detail. In the blog post, Anthropic researchers claim: "So far, we've found and validated more than 500 high-severity vulnerabilities".

The three examples given include two buffer overflows, which could very well be cherry-picked. It's hard to evaluate whether these vulns are actually "hard to find". I'd be interested in seeing the full list of CVEs and CVSS ratings to get a real idea of how good these findings are.

Given the bogus claims [1] around GenAI and security, we should be very skeptical of news like this.

[0] https://red.anthropic.com/2026/zero-days/

[1] https://doublepulsar.com/cyberslop-meet-the-new-threat-actor...

tptacek
18 minutes ago
I know some of the people involved here, and the general chatter around LLM-guided vulnerability discovery, and I am not at all skeptical about this.
malfist
15 minutes ago
That's good for you, but that means nothing to anybody else.
pchristensen
7 minutes ago
Nobody is right about everything, but tptacek's takes on software security are a good place to start.
tptacek
1 minute ago
I'm interested in whether there's a well-known vulnerability researcher/exploit developer beating the drum that LLMs are overblown for this application. All I see is the opposite thing. A year or so ago I arrived at the conclusion that if I was going to stay in software security, I was going to have to bring myself up to speed with LLMs. At the time I thought that was a distinctive insight, but, no, if anything, I was 6-9 months behind everybody else in my field about it.

There's a lot of vuln researchers out there. Someone's gotta be making the case against. Where are they?

From what I can see, vulnerability research combines many of the attributes that make problems especially amenable to LLM loop solutions: huge corpus of operationalizable prior art, heavily pattern dependent, simple closed loops, forward progress with dumb stimulus/response tooling, lots of search problems.

Of course it works. Why would anybody think otherwise?
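
To make "simple closed loops" concrete, here is a minimal sketch of the shape in Python. Everything in it is illustrative: ask_model() is a stand-in for whatever LLM API you use, and ./target is a hypothetical instrumented harness that crashes on a memory bug.

    import subprocess

    def ask_model(prompt: str) -> str:
        # stand-in for any LLM API call; not a real library function
        raise NotImplementedError

    def run_target(data: bytes) -> tuple[int, str]:
        # dumb stimulus/response tooling: run the harness, capture the result
        p = subprocess.run(["./target"], input=data,
                           capture_output=True, timeout=10)
        return p.returncode, p.stderr.decode(errors="replace")

    source = open("parser.c").read()  # hypothetical file under audit
    feedback = "no attempts yet"
    for _ in range(20):
        answer = ask_model(
            f"Source:\n{source}\n\nLast result: {feedback}\n"
            "Propose one input, hex-encoded, that could corrupt memory.")
        try:
            data = bytes.fromhex(answer.strip())
        except ValueError:
            feedback = "output was not valid hex"
            continue
        rc, err = run_target(data)
        if rc < 0:  # killed by a signal (e.g. SIGSEGV): a candidate finding
            print("crash reproduced:", err)
            break
        feedback = f"exit {rc}: {err[:400]}"  # feed the failure back in

The toy isn't the point; the point is that the outer loop is trivially mechanizable, the pass/fail signal is unambiguous, and the model only has to win the search.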

majormajor
37 minutes ago
The Ghostscript one is interesting in terms of specific-vs-general effectiveness:

---

> Claude initially went down several dead ends when searching for a vulnerability—both attempting to fuzz the code, and, after this failed, attempting manual analysis. Neither of these methods yielded any significant findings.

...

> "The commit shows it's adding stack bounds checking - this suggests there was a vulnerability before this check was added. … If this commit adds bounds checking, then the code before this commit was vulnerable … So to trigger the vulnerability, I would need to test against a version of the code before this fix was applied."

...

> "Let me check if maybe the checks are incomplete or there's another code path. Let me look at the other caller in gdevpsfx.c … Aha! This is very interesting! In gdevpsfx.c, the call to gs_type1_blend at line 292 does NOT have the bounds checking that was added in gstype1.c."

---

Its attempt to analyze the code failed, but when it saw a concrete example of "in the history, someone added bounds checking," it did an "I wonder if they did it everywhere else for this func call" pass.

So after it considered that function based on the commit history, it found something it hadn't found in its initial open-ended fuzzing and code-analysis search.

As someone who still reads the code that Claude writes, this sort of "big picture miss, small picture excellence" is not very surprising or new. It's interesting to think about what it would take to do that precise digging across a whole codebase, especially if it needs some sort of modularization/summarization of context versus trying to digest tens of millions of lines at once.
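
A toy version of that digging pass, in Python, assuming a local Ghostscript checkout; the function name comes from the post, everything else is illustrative. First list the commits that touched calls to gs_type1_blend (git's pickaxe search), then surface every surviving call site so each one can be checked for the same guard:

    import pathlib, re, subprocess

    FUNC = "gs_type1_blend"  # routine from the post whose callers need auditing

    # commits that added or removed occurrences of FUNC (git pickaxe)
    log = subprocess.run(["git", "log", "--oneline", "-S", FUNC],
                         capture_output=True, text=True)
    print("commits touching", FUNC, ":\n" + log.stdout)

    # every current call site; each one should carry the same bounds check
    call = re.compile(rf"\b{re.escape(FUNC)}\s*\(")
    for path in pathlib.Path(".").rglob("*.c"):
        for lineno, line in enumerate(
                path.read_text(errors="replace").splitlines(), 1):
            if call.search(line):
                print(f"{path}:{lineno}: {line.strip()}")

Surfacing the call sites is the mechanical part; deciding whether each one is actually guarded is exactly the small-picture judgment it showed in gdevpsfx.c.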

Topfi
38 minutes ago
The official release by Anthropic is very light on concrete information [0]: it contains only a handful of very brief examples and lacks history, context, etc., making it very hard to glean any reliable information from it. I hope they'll release a proper report on this experiment; as it stands, it is impossible to say how many of these are actual, tangible flaws versus more of the misguided bug reports and pull requests that many larger FOSS projects are suffering from at an alarming rate.

Personally, while I get that 500 sounds more impressive to investors and the market, I'd be far more impressed by a detailed, reviewed paper that showcases five to ten concrete examples, with the full process and the response from the teams behind the potentially affected code.

It is far too early for me to make any definitive statement, but early testing does not indicate any major jump between Opus 4.5 and Opus 4.6 that would account for such an improvement. I'd love nothing more than to be proven wrong on this front and will of course continue testing.

[0] https://red.anthropic.com/2026/zero-days/

mrkeen
44 minutes ago
Daniel Stenberg has been vocal the last few months on Mastodon about being overwhelmed by false security issues submitted to the curl project.

So much so that he eventually had to close the bug bounty program.

https://daniel.haxx.se/blog/2026/01/26/the-end-of-the-curl-b...

tptacek
17 minutes ago
We're discussing a project led by actual vulnerability researchers, not random people in Indonesia hoping to score $50 by cajoling maintainers about style nits.
malfist
14 minutes ago
Vulnerability researchers with a vested interest in making LLMs valuable. The difference isn't meaningful.
tptacek
13 minutes ago
I don't even understand how that claim makes sense.
xiphias2
55 minutes ago
Just 100 of the 500 are from OpenClaw, created by Opus 4.5.
emp17344
56 minutes ago
Sounds like this is just a claim Anthropic is making with no evidence to support it. This is an ad.
input_sh
35 minutes ago
How can you not believe them!? Anthropic stopped Chinese hackers from using Claude to conduct a large-scale cyber espionage attack just months ago!
littlestymaar
21 minutes ago
Poe's law strikes again: I had to check your profile to be sure this was sarcasm.
ChrisMarshallNY
10 minutes ago
When I read stuff like this, I have to assume that the blackhats have already been doing this for some time.
acedTrex
49 minutes ago
Create the problem, sell the solution remains an undefeated business strategy.
garbawarb
1 hour ago
Have they been verified?
siva7
50 minutes ago
Wasn't this Opus thing released like 30 minutes ago?
Topfi
34 minutes ago
I understand the confusion; this was done by Anthropic's internal red team as part of model testing prior to release.
tintor
13 minutes ago
Singularity
jjice
44 minutes ago
A bunch of companies get early access.
input_sh
38 minutes ago
Yes, you just need to be on a Claude++ plan!
zhengyi13
47 minutes ago
I feel like Daniel @ curl might have opinions on this.
fred_is_fred
48 minutes ago
Is the word zero-day here superfluous? If they were previously unknown, doesn't that make them zero-day by definition?
tptacek
16 minutes ago
It's a term of art. In print media, the connotation is "vulnerabilities embedded into shipping software", as opposed to things like misconfigurations.
limagnolia
12 minutes ago
I thought zero-day meant actively being exploited in the wild before a patch is available?
bink
27 minutes ago
Yes. As a security researcher this always annoys me.