A talk given by an employee that stands to make millions from Anthropic going public, definitely not a conflict of interest by the individual.
replyIt is by the individual who (also with Claude) found the specific vulnerability used in this exploit.
replyI didn't say "watch this without critical thinking".
replyThe chance this is completly fabricated though is very low and its an highly interesting signal to many others.
There was also a really good AI CTF Talk at 39c3 hacker conference just 4 month ago.
But you did say “Claude is already able to find CVEs on expert level.”
replyPlease also read my comments with critical thinking and add my comment and its content to your own list of signals you trust :P
replyHaha alright good point
replyCarlini gives some more background about his vulnerability research with Claude in this interview by tptacek & co. https://securitycryptographywhatever.com/2026/03/25/ai-bug-f...
replydeleted
replyClaude is already able to find CVEs on expert level.
replyDoes it fix them as fast as it finds them? Bonus if it adds snarky code comments
I'm more interested if it fixes CVEs faster than it introduces them.
replyThat too. Honestly I am expecting that if AI is such the wonder-miracle that people act like it is that it should be able to spot complex back-doors that require multiple services that look benign when red teamed but when used in conjunction provide the lowest CPU ring access along with all the obfuscated undocumented CPU instructions and of course all the JTAG debugging functions of all the firmware.
reply