Anthropic’s Claude Opus AI model has demonstrated the ability to generate functional exploit code targeting software vulnerabilities, raising fresh concerns about how advanced artificial intelligence could influence cybersecurity risks. The development comes amid ongoing discussion about Anthropic’s more advanced Mythos model, which was withheld from public release due to fears that it could accelerate vulnerability discovery and exploitation. However, evidence suggests that even currently available models are already capable of producing working exploit chains when guided by skilled users.
According to a technical blog post by Mohan Pedhapati, chief technology officer of Hacktron, Claude Opus 4.6 was used to construct a full exploit chain targeting a vulnerability in the V8 JavaScript engine used by Google Chrome version 138. The same engine is also embedded in widely used applications such as Discord, which rely on Chromium based frameworks. Pedhapati described the process as requiring approximately one week of iterative prompting, involving around 2.3 billion tokens and total API costs of 2,283 US dollars. The effort also included roughly 20 hours of manual intervention to resolve model errors and guide the system toward a working result. The final outcome successfully triggered a system level action commonly referred to as “popping calc,” where the calculator application is launched as a demonstration that code execution was achieved on the target system.
Pedhapati noted that while the cost of 2,283 dollars may appear significant for individual researchers, it remains relatively low when compared to the time and expertise required to manually develop similar exploits without AI assistance. He also suggested that the cost is far below potential rewards offered through legitimate vulnerability disclosure programs, which can reach approximately 15,000 dollars for certain classes of software flaws. He further highlighted that underground markets could assign even higher value to functional zero day exploits, increasing the incentive for automated exploit generation tools as they become more capable.
Anthropic has stated that its newer Opus 4.7 model is broadly similar in cybersecurity related capabilities to Opus 4.6, although it includes additional safeguards designed to detect and block prompts associated with prohibited or high risk cyber activities. The Mythos model, which remains unreleased, is reported to have stronger capabilities in vulnerability discovery but was restricted due to safety concerns. Despite these distinctions, Pedhapati argued that model version differences are less significant than the broader trend of rapidly improving code generation systems, which increasingly reduce the technical barrier for exploit development.
The findings have sparked discussion around the security implications for software ecosystems that rely heavily on rapid update cycles, particularly applications built on frameworks such as Electron. Many widely used applications, including Discord and Slack, depend on Chromium based components that may lag behind the latest Chrome releases. In the case highlighted by Pedhapati, Discord was reportedly running on Chrome version 138, which is several major releases behind the current version. Even though Electron 41.2.1 includes Chrome 146, discrepancies between upstream browser updates and deployed application versions can leave systems exposed for extended periods. Pedhapati also pointed out that open source ecosystems face additional challenges because security fixes are often visible in public repositories before users fully apply updates, creating potential opportunities for exploitation.
Pedhapati warned that improvements in AI assisted exploit generation could significantly shorten the window between vulnerability disclosure and active exploitation. He argued that every software patch may inadvertently reveal details about the underlying flaw, effectively serving as a guide for attackers using AI tools. His recommendations include prioritizing security during development rather than post release patching, improving dependency management practices, and automating security updates where possible. He also emphasized the need for caution in releasing detailed vulnerability information in open source projects, noting that public commits can provide actionable signals for adversaries equipped with advanced AI models and sufficient computational resources.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
