[magicalhippo]

Key point is that Claude did not find the bug it exploits. It was given the CVE writeup[1] and was asked to write a program that could exploit the bug.

That said, given how things are I wouldn't be surprised if you could let Claude or similar have a go at the source code of the kernel or core services, armed with some VMs for the try-fail iteration, and get it pumping out CVEs.

If not now, then surely not in a too distant future.

[1]: https://www.freebsd.org/security/advisories/FreeBSD-SA-26:08...

[fragmede]

> Credits: Nicholas Carlini using Claude, Anthropic

Claude was used to find the bug in the first place though. That CVE write-up happened because of Claude, so while there are some very talented humans in the loop, Claude is quite involved with the whole process.

[magicalhippo]

> Claude was used to find the bug in the first place though. That CVE write-up happened because of Claude

Do you have a link to that? A rather important piece of context.

Wasn't trying to downplay this submission the way, the main point still stands:

But finding a bug and exploiting it are very different things. Exploit development requires understanding OS internals, crafting ROP chains, managing memory layouts, debugging crashes, and adapting when things go wrong. This has long been considered the frontier that only humans can cross.

Each new AI capability is usually met with “AI can do Y, but only humans can do X.” Well, for X = exploit development, that line just moved.

[jsnell]

> Do you have a link to that? A rather important piece of context.

It was a quote from your own link from the initial post?

https://www.freebsd.org/security/advisories/FreeBSD-SA-26:08...

> Credits: Nicholas Carlini using Claude, Anthropic

[magicalhippo]

Oh wow, blind as a bat.

Would have been interesting with a write-up of that, to see just what Claude was used for.

[jsnell]

Obviously no guarantees that it's exactly what was done in this case, but he talked about his general process recently at a conference and more in depth in a podcast:

https://www.youtube.com/watch?v=1sd26pWhfmg

https://securitycryptographywhatever.com/2026/03/25/ai-bug-f...

It pretty much is just "Claude find me an exploitable 0-day" in a loop.

[bayindirh]

Yes, that claim needs a source.

[lateforwork]

> get it pumping out CVEs.

Is that a good thing or bad?

I see that as a very good thing. Because you can now inexpensively find those CVEs and fix them.

Previously, finding CVEs was very expensive. That meant only bad actors had the incentive to look for them, since they were the ones who could profit from the effort. Now that CVEs can be found much more cheaply, people without a profit motive can discover them as well--allowing vulnerabilities to be fixed before bad actors find them.

[cogman10]

It's good and bad.

Not all CVEs are the same, some aren't important. So it really depends on what gets founds as a CVE. The bad part is you risk a flood a CVEs that don't matter (or have already been reported).

> That meant only bad actors had the incentive to look for them

Nah. Lot's of people look for CVEs. It's good resume fodder. In fact, it's already somewhat of a problem that people will look for and report CVEs on things that don't matter just so they can get the "I found and reported CVE xyz" on their resume.

What this will do is expose some already present flaws in the CVE scoring system. Not all "9"s are created equal. Hopefully that leads to something better and not towards apathy.

[evanmoran]

It also depends on if the CVEs can be fixed by LLMs too. If they can find and fix them, then it's very good.

[cogman10]

Fixing isn't often a problem for CVEs. The hard part is almost always finding the CVE in the first place.

There are some extreme cases that might require extensive code changes, and those would benefit from LLMs. But a lot of the issues are things like off by one issues with pointers.

[wepple]

Fixing is now the bottleneck.

Most patches are non-trivial and then each project/maintainer has a preferred coding style, and they’re being inundated with PRs already, and don’t take kindly to slop.

LLMs can find the CVE fully zero interaction, so it scales trivially.

[rtkwe]

The biggest question is can you meaningfully use Claude on defense as well, eg can it be trusted to find and fix the source of the exploit while maintaining compatibility. Finding the CVEs helps directly with attacks while only helping defenders detect potential attacks without the second step where the patch can also be created. If not you've got a situation where you've got a potential tidal wave of CVEs that still have to be addressed by people. Attackers can use CVE-Claude too so it becomes a bit of an arms race where you have to find people able and willing to spend all the money to have those exploits found (and hopefully fixed).

[ogig]

Setting up fuzzing used to be hard. I haven't tried yet, but my bet is having Claude Code, today, analyze a codebase and suggest where and how to fuzztest it and having it review the crashes and iterate, will produce CVEs.

[zer00eyz]

It has access to more testing data than I will ever look at. Letting it pull from that knowledge graph is going to give you good results! I just built a chunk of this (type of thinking) into my (now evolving) test harness.

1. Unit testing is (somewhat) dead, long live simulation. Testing the parts only gets you so far. These tests are far more durable, independent artifacts (read, if you went from JS to rust, how much of your testing would carry over)

2. Testing has to be "stand alone". I want to be able to run it from the command line, I want the output to be wrapper so I can shove the output on a web page, or dump it into an API (for AI)

3. Messages (for failures) matter. These are not just simple what's broken, but must contain enough info for context.

4. Your "failed" tests should include logs. Do you have enough breadcrumbs for production? If not, this is a problem that will bite you later.

5. Any case should be an accumulation of state and behavior - this really matters in simulation.

If you have done all the above right and your tool can return all the data, dumping the output into the cheapest model you can find and having it "Write a prompt with recommendations on a fix (not actual code, just what should be done beyond "fix this") has been illuminating.

Ultimately I realized that how I thought about testing was wrong. Its output should be either dead simple, or have enough information that someone with zero knowledge could ramp up into a fix on their first day in the code base. My testing was never this good because the "cost of doing it that way" was always too high... this is no longer the case.

[xfalcox]

Our CEO did that at our company and found 33 CVEs. Rails also did that and found 7 or 8.

[AugSun]

... get ready for RIF soon.

[wslh]

While it's great to clarify, LLMs are actually finding bugs and writing exploits [1][2]. There are more example though.

[1] https://news.ycombinator.com/item?id=47589227

[2] https://xbow.com/

[giancarlostoro]

Another great example is how Claude is helping Mozilla find zero day exploits in Firefox, by the hundreds, and ranging from minor to CVE level, for over a year:

https://blog.mozilla.org/en/firefox/hardening-firefox-anthro...

I think the Mozilla example is a good one because its a large codebase, lots of people keep asking "how does it do with a large codebase" well there you go.

[wslh]

And you can check the list of bugs being discovered by Anthropic's Red Team: https://red.anthropic.com/

[Cloudef]

You can let agent churn unattended if you have some sort of known goal. Write a test that should not pass and then tell the agent to come up with something that passes the test without changing the test itself.

For this kind of fuzzing llms are not bad.

[vinnymac]

When doing this remove write permissions on the test file, it will do a much better job of staying the course over long periods. I've been doing this for over a year now.

[muskstinks]

You might want to watch this:

https://www.youtube.com/watch?v=1sd26pWhfmg

Claude is already able to find CVEs on expert level.

[shimman]

A talk given by an employee that stands to make millions from Anthropic going public, definitely not a conflict of interest by the individual.

[pama]

It is by the individual who (also with Claude) found the specific vulnerability used in this exploit.

[muskstinks]

I didn't say "watch this without critical thinking".

The chance this is completly fabricated though is very low and its an highly interesting signal to many others.

There was also a really good AI CTF Talk at 39c3 hacker conference just 4 month ago.

[ale]

But you did say “Claude is already able to find CVEs on expert level.”

[muskstinks]

Please also read my comments with critical thinking and add my comment and its content to your own list of signals you trust :P

[ale]

Haha alright good point

[dloss]

Carlini gives some more background about his vulnerability research with Claude in this interview by tptacek & co. https://securitycryptographywhatever.com/2026/03/25/ai-bug-f...

[Bender]

Claude is already able to find CVEs on expert level.

Does it fix them as fast as it finds them? Bonus if it adds snarky code comments

[snovv_crash]

I'm more interested if it fixes CVEs faster than it introduces them.

[Bender]

That too. Honestly I am expecting that if AI is such the wonder-miracle that people act like it is that it should be able to spot complex back-doors that require multiple services that look benign when red teamed but when used in conjunction provide the lowest CPU ring access along with all the obfuscated undocumented CPU instructions and of course all the JTAG debugging functions of all the firmware.

[cryptbe]

>Key point is that Claude did not find the bug it exploits.

It found the bug man. You didn't even read the advisory. It was credited to "Nicholas Carlini using Claude, Anthropic".

[Foobar8568]

Look at Xbow which spawned a few "open source" competitors.

[themafia]

They tried. It didn't work that well:

https://red.anthropic.com/2026/zero-days/

[tptacek]

Sorry, can you clarify what you're saying here? What didn't work that well?

[themafia]

Letting Claude get at the source code to try to find CVEs. I found it particularly entertaining that after finding none it just devolved to a grep for "strcat."

[tptacek]

Oh, I see. No, you're wrong. That's absolutely not what it did and not at all an accurate way to sum up what it found.

This isn't a complete rebuttal to your argument but I'll note with irony that we're commenting on a thread about a FreeBSD kernel remote that Claude both found and wrote a reliable exploit for (though people will come out of the woodwork to say that reliable exploitation of FreeBSD kernel remotes isn't much of a flex).

Here, from the exact tranche of vulnerabilities you're saying was just a "grep for strcat", are the Firefox findings:

https://www.mozilla.org/en-US/security/advisories/mfsa2026-1...

We're getting to a point, like we did with coding agents last year, where you can just say "I believe my lying eyes". Check out a repository and do Carlini's "foreach FILE in $(sourcefiles); <run claude -p and just ask for zero days starting from that file>". I did last night, and my current dilemma is how obligated I am to report findings.

[themafia]

It's from the link I posted. Claude's own team in January trying to do exactly what you suggested and ending with results that are less than promising. It's their blog. I assumed it represented the pinnacle of their research.

We're getting a point where anecdotes are being used in place of reason. I'd think you want to ask "how many bug bounties are earned by humans vs AI assistants?" If there's money to be made in finding 0-days then shouldn't there be ample evidence of this?

[tptacek]

You can see now that you assumed wrong.

[joe_mamba]

How did you managed to get it to do that? When I gave it instructions to use Ghidra MCP to look for vulnerabilities in a windows driver on my local machine it refused saying it's not allowed to do pentest activities even if sandboxed to your own device.

[tonyarkles]

Not who you were asking and not explicitly looking for vulnerabilities... I have gotten a ton of mileage from getting Claude to reverse engineer both firmware and applications with Ghidra and radare2. My usual prompt starts with "Here's the problem I'm having [insert problem]. @foo.exe is the _installer for the latest firmware update_. Extract the firmware and determine if there's a plausible path that could cause this problem. Document how you've extracted the firmware, how you've done the analysis, and the ultimate conclusions in @this-markdown-file.md"

I have gotten absolutely incredible results out of it. I have had a few hallucinations/incorrect analyses (hard to tell which it was), but in general the results have been fantastic.

The closest I've come to security vulnerabilities was a Bluetooth OBD-II reader. I gave Claude the APK and asked it to reverse engineer the BLE protocol so that I could use the device from Python. There was apparently a ton of obfuscation in the APK, with the actual BLE logic buried inside an obfuscated native code library instead of Java code. Claude eventually asked me to install the Android emulator so that it could use https://frida.re to do dynamic instrumentation instead of relying entirely on static analysis. The output was impressive.

[rurban]

Nonsense. Claude did find this CVE and hundreds of similar Linux CVE's, plus it did the complete writeup and the reproducer. The Linux bugs are more worrying. His backlog is hundreds of yet unreported zero days.

He did a talk at unblocked last month.

[rurban]

Not unblocked but unprompted: https://www.youtube.com/watch?v=1sd26pWhfmg Great talk.

[petcat]

> have a go at the source code of the kernel or core services, armed with some VMs for the try-fail iteration, and get it pumping out CVEs.

FreeBSD kernel is written in C right?

AI bots will trivially find CVEs.

[pjmlp]

The Morris worm lesson is yet to be taken seriously.

[pitched]

We’re here right now looking at a CVE. That has to count as progress?