Anthropic Opus created a working exploit with $2.283 in tokens

Anthropic withheld its Mythos fault-finding model from public release due to concerns that it would allow attackers to find and exploit vulnerabilities before anyone could react.

However, the company's Opus 4.6 model, which was replaced by Opus 4.7 on Thursday, is capable of deploying functional exploits.


In a post on his blog on Wednesday, Mohan Pedhapati (s1r1us), CTO of Hacktron, described how he used Opus 4.6 to create a full exploit chain targeting the V8 JavaScript engine in Chrome 138, which is built into current versions of Discord.

“The V8 [out of bounds error] we used was from Chrome 146, the same version that Anthropic’s Claude Desktop runs on,” he said. “After a week, 2,3 billion tokens, $2.283 in API costs, and ~20 hours of untangling dead ends, it managed to create the exploit (popped calc).”

Eventually, any script kiddie with enough patience and an API key will be able to open shells.

“Popped calc” refers to the opening of the calculator application – an event commonly used in proof-of-concept exploit code to indicate that an attack has compromised the target system.

Pedhapati said that while $2.283 is a significant amount for an individual to pay to obtain the tokens needed to create the exploit, it is very little when you consider the weeks it would take an individual to develop a similar exploit without help.

Even if we add several thousand dollars for the time it took Pedhapati to provide the necessary instructions to the model, the amount is still significantly less than the theoretical reward (~$15.000) that someone could receive from Google and Discord's vulnerability bounty programs. On the other hand, who knows what criminals could pay for a hot 0-day?

According to the Opus 4.7 System Card, “Opus 4.7 is roughly similar to Opus 4.6 in cybersecurity capabilities.” But it’s apparently less capable than Mythos Preview and comes with “safety gates that automatically detect and block requests that indicate prohibited or high-risk cybersecurity uses.”
