Claude AI Discovers 500 Major Software Flaws

Anthropic reports vulnerabilities to developers, but only following human verification.

Anthropic, despite only recently launching its newest large language model, Claude Opus 4.6, has already been leveraging it internally to pinpoint zero-day vulnerabilities within open-source software.

During a trial, Claude was deployed within a virtual machine, granted access to current open-source projects, and equipped with common utilities and vulnerability analysis tools. Notably, it received no specific guidance on tool usage or vulnerability detection methods.

Even without explicit instructions, Opus 4.6 successfully pinpointed 500 high-severity vulnerabilities. Anthropic personnel are currently confirming these discoveries prior to notifying developers, ensuring the LLM’s reports are accurate and free from hallucinations or false positives, as detailed in a company blog post.

The company stated, “AI language models are proving adept at discovering new vulnerabilities and are expected to soon surpass even highly skilled human researchers in both speed and scope.”

Anthropic likely aims to bolster its standing within the software security sector, especially since its AI has previously been utilized for automated attacks.

This demonstrates the expanding capabilities of AI, as other organizations are also deploying AI for bug detection.

Conversely, some software developers are struggling with an influx of low-quality AI-generated bug reports, leading at least one project to discontinue its bug-bounty program due to exploitation by AI-enhanced hunters.

This article was originally published on CSOonline.com.
