[muskstinks]

You might want to watch this:

https://www.youtube.com/watch?v=1sd26pWhfmg

Claude is already able to find CVEs on expert level.

[shimman]

A talk given by an employee that stands to make millions from Anthropic going public, definitely not a conflict of interest by the individual.

[pama]

It is by the individual who (also with Claude) found the specific vulnerability used in this exploit.

[muskstinks]

I didn't say "watch this without critical thinking".

The chance this is completly fabricated though is very low and its an highly interesting signal to many others.

There was also a really good AI CTF Talk at 39c3 hacker conference just 4 month ago.

[ale]

But you did say “Claude is already able to find CVEs on expert level.”

[muskstinks]

Please also read my comments with critical thinking and add my comment and its content to your own list of signals you trust :P

[ale]

Haha alright good point

[dloss]

Carlini gives some more background about his vulnerability research with Claude in this interview by tptacek & co. https://securitycryptographywhatever.com/2026/03/25/ai-bug-f...

[Bender]

Claude is already able to find CVEs on expert level.

Does it fix them as fast as it finds them? Bonus if it adds snarky code comments

[snovv_crash]

I'm more interested if it fixes CVEs faster than it introduces them.

[Bender]

That too. Honestly I am expecting that if AI is such the wonder-miracle that people act like it is that it should be able to spot complex back-doors that require multiple services that look benign when red teamed but when used in conjunction provide the lowest CPU ring access along with all the obfuscated undocumented CPU instructions and of course all the JTAG debugging functions of all the firmware.