Vulnerability Research 'Cooked': AI Models Unlock Unprecedented Exploit Discovery

Theo - t3․gg
#ai #cybersecurity #vulnerabilities #exploits #software-security

Artificial intelligence models are rapidly transforming the landscape of cybersecurity, particularly in vulnerability research, leading to a significant surge in discovered exploits. Advanced models like Claude and GPT-5.4 Pro are demonstrating unprecedented capabilities, from identifying remote kernel RCEs in as few as 35 prompts to uncovering critical vulnerabilities in widely used frameworks like React and Next.js. This dramatic shift has prompted major AI labs to react: OpenAI is reportedly rerouting security-sensitive requests from its most advanced models (5.3 and 5.4) to a less capable version (5.2) and is actively developing new security products utilizing these powerful AIs. Similarly, Anthropic proactively partnered with Mozilla, where Claude Opus 4.6 alone identified 22 Firefox vulnerabilities prior to public release, highlighting a concerted effort to mitigate risks posed by these increasingly potent tools.

Experts are now grappling with the implications of what is being termed a ‘post-attention scarcity’ world in cybersecurity. Leading researchers, including Thomas, emphasize that the predicted deluge of AI-induced vulnerabilities isn’t due to AI writing flawed code, but rather AI’s exceptional ability to discover existing flaws, ushering in an era of ‘Vibe CVEs.’ Anthropic’s Frontier Red team, for instance, generated 500 high-severity vulnerabilities using simple, looped prompts with Claude Opus 4.6, demonstrating how AI agents can efficiently pattern-match bug classes, solve constraints, and test exploitability without human limitations like boredom. This scalability threatens open-source software with a relentless stream of verified exploits and poses a risk to critical infrastructure, from databases to industrial systems, previously considered ‘secure enough’ due to the scarcity of elite human attention. The consensus among veteran vulnerability researchers is clear: a disruptive transformation is imminent, with AI agents poised to supplant the majority of human vulnerability research, necessitating a re-evaluation of current security paradigms and potentially inviting ill-informed legislative responses.