Evaluating and mitigating the growing risk of LLM-discovered 0-days
Summary
Anthropic researchers demonstrate that Claude Opus 4.6 can discover meaningful 0-day vulnerabilities in open-source software without task-specific tooling, reporting hundreds of high-severity findings and contributing patches. The article outlines a three-part pipeline (addressing, feedback, residency), walks through several vulnerability examples (Ghostscript, OpenSC, CGIF), describes safeguards based on probes and real-time intervention, and discusses the implications for disclosure norms and security workflows as AI capabilities scale.