Claude Opus 4.6 Finds 500 Zero‑Day Bugs Out‑of‑the‑Box, Redefining Code Audits

Anthropic’s Claude Opus 4.6 not only shattered AI benchmarks in coding, reasoning and search; when sandboxed with standard fuzzers and debuggers, it also autonomously uncovered over 500 high‑severity zero‑day vulnerabilities, including a Ghostscript crash and buffer‑overflow bugs, prompting a market sell‑off and raising both excitement and misuse concerns.

Black & White Path

When Anthropic announced Claude Opus 4.6, financial‑data providers such as FactSet plunged 10% intraday and indices including S&P Global, Moody’s and Nasdaq fell sharply, reflecting investor panic over a model that could potentially disrupt multiple software‑related industries.

According to Anthropic’s official blog, Opus 4.6 is “almost unrivaled” across core scenarios such as coding, knowledge work, search and reasoning. In the Terminal‑Bench 2.0 programming benchmark it achieved the highest score, and internal tests show it can plan tasks more thoroughly, run stably on large codebases, and improve code‑review and debugging precision while even detecting its own errors.

The model also addresses the long‑standing “over‑refusal” problem: on benign, harmless requests it refuses far less often than previous models, indicating a more nuanced alignment.

In a pre‑release red‑team exercise, Anthropic’s frontier security team placed Opus 4.6 in a sandbox with only Python and standard vulnerability tools (fuzzer, debugger) and no domain‑specific prompts. The model independently discovered more than 500 previously unknown high‑severity zero‑day bugs, each verified by Anthropic staff or external security researchers.

Notable examples include a crash‑inducing bug in Ghostscript that was missed by traditional fuzzing and manual analysis (Claude traced the project’s git history to locate it) and buffer‑overflow vulnerabilities in OpenSC and CGIF, the latter accompanied by a proof‑of‑concept exploit written by the model itself.

Logan Graham, head of Anthropic’s red team, said he would not be surprised if autonomous code auditing becomes a mainstream approach to open‑source software security.

Anthropic acknowledges the dual‑use risk of such capabilities and has added six new network‑security detection mechanisms, with plans to roll out a real‑time interception system to block malicious traffic.
