Claude bests Carlini at bug finding

The important shift here isn't that Claude replaces elite researchers; it's that it can keep grinding through code, history, and edge cases long after a human would have stopped.

• –Anthropic's February 2026 red-team post says Claude Opus 4.6 found high-severity 0-days in well-tested codebases like GhostScript, OpenSC, and CGIF, and validated them with proofs of concept.
• –The Linux/Ghost anecdotes matter because they depend on old fixes, narrow preconditions, and exploit reasoning, which is exactly where fuzzers and rushed reviewers tend to miss bugs.
• –Smart-contract exploit work raises the stakes further: once a model can reason from code to money, the downside is no longer a neat demo but real financial loss.
• –Carlini's praise is still partly inside-baseball, since he works at Anthropic, but the public red-team results line up with the broader claim that Claude's cyber capabilities are getting materially better.