OPEN LINK ↗
// 58d agoVIDEO
Claude bests Carlini at bug finding
In a Security Cryptography Whatever episode, Nicholas Carlini says Anthropic's Claude is already useful for real vulnerability work, from smart-contract exploits to long-hidden Linux and Ghost bugs. The conversation is a strong signal that AI-assisted security research is moving from demo territory into practical workflow.
// ANALYSIS
The important shift here isn't that Claude replaces elite researchers; it's that it can keep grinding through code, history, and edge cases long after a human would have stopped.
- –Anthropic's February 2026 red-team post says Claude Opus 4.6 found high-severity 0-days in well-tested codebases like GhostScript, OpenSC, and CGIF, and validated them with proofs of concept.
- –The Linux/Ghost anecdotes matter because they depend on old fixes, narrow preconditions, and exploit reasoning, which is exactly where fuzzers and rushed reviewers tend to miss bugs.
- –Smart-contract exploit work raises the stakes further: once a model can reason from code to money, the downside is no longer a neat demo but real financial loss.
- –Carlini's praise is still partly inside-baseball, since he works at Anthropic, but the public red-team results line up with the broader claim that Claude's cyber capabilities are getting materially better.
// TAGS
claudellmagentreasoningresearchsafety
DISCOVERED
58d ago
2026-03-30
PUBLISHED
59d ago
2026-03-29
RELEVANCE
8/ 10
AUTHOR
Tolopono