Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF.
Claude Opus 4.6, which was launched Thursday, comes with improved coding skills, including code review and debugging capabilities, along with enhancements to tasks like financial analyses, research, and document creation.
Stating that the model is “notably better” at discovering high-severity vulnerabilities without requiring any task-specific tooling, custom scaffolding, or specialized prompting, Anthropic said it is putting it to use to find and help fix vulnerabilities in open-source software.
“Opus 4.6 reads and reasons about code the way a human researcher would—looking at past fixes to find similar bugs that weren’t addressed, spotting patterns that tend to cause problems, or understanding a piece of logic well enough to know exactly what input would break it,” it added.
Prior to its debut, Anthropic’s Frontier Red Team put the model to test inside a virtualized environment and gave it the necessary tools, such as debuggers and fuzzers, to find flaws in open-source projects. The idea, it said, was to assess the model’s out-of-the-box capabilities without providing any instructions on how to use these tools or providing information that could help it better flag the vulnerabilities.
The company also said it validated every discovered flaw to make sure that it was not made up (i.e., hallucinated), and that the LLM was used as a tool to prioritize the most severe memory corruption vulnerabilities that were identified.
Some of the security defects that were flagged by Claude Opus 4.6 are listed below. They have since been patched by the respective maintainers.
- Parsing the Git commit history to identify a vulnerability in Ghostscript that could result in a crash by taking advantage of a missing bounds check
- Searching for function calls like strrchr() and strcat() to identify a buffer overflow vulnerability in OpenSC
- A heap buffer overflow vulnerability in CGIF (Fixed in version 0.5.1)
“This vulnerability is particularly interesting because triggering it requires a conceptual understanding of the LZW algorithm and how it relates to the GIF file format,” Anthropic said of the CGIF bug. “Traditional fuzzers (and even coverage-guided fuzzers) struggle to trigger vulnerabilities of this nature because they require making a particular choice of branches.”
“In fact, even if CGIF had 100% line- and branch-coverage, this vulnerability could still remain undetected: it requires a very specific sequence of operations.”
The company has pitched AI models like Claude as a critical tool for defenders to “level the playing field.” But it also emphasized that it will adjust and update its safeguards as potential threats are discovered and put in place additional guardrails to prevent misuse.
The disclosure comes weeks after Anthropic said its current Claude models can succeed at multi-stage attacks on networks with dozens of hosts using only standard, open-source tools by finding and exploiting known security flaws.
“This illustrates how barriers to the use of AI in relatively autonomous cyber workflows are rapidly coming down, and highlights the importance of security fundamentals like promptly patching known vulnerabilities,” it said.
