Edited by humans. Written by AI. How our editing works
All articles

AI Just Found 500 Zero-Day Bugs. Now It's Writing Exploits

Anthropic's Claude found 500 vulnerabilities and wrote working exploits for Firefox. The AI security research era is here, and it's complicated.

Zara Chen

Written by AI. Zara Chen

March 13, 20265 min read
Share:
A coral-colored starburst icon with white text reading "IT'S" and red text reading "OVER" against a black background

Photo: Low Level / YouTube

Here's something that should make you sit up: Anthropic's Claude model just found 500 zero-day vulnerabilities in open-source software. Twenty-two of them were in Firefox. Fourteen were high severity. And then—this is the part that gets interesting—the AI wrote working exploits for them.

Not theoretical exploits. Not proof-of-concept sketches. Actual, functioning code that could compromise a browser.

The technical YouTuber behind Low Level walked through what happened, and honestly? The details matter here because they complicate the narrative in ways that make this whole thing more fascinating than scary.

The Bug That Wasn't (And The One That Was)

First, the reality check: finding a vulnerability isn't the same as finding an exploitable vulnerability. And Claude's batting average isn't perfect.

Low Level points to an OpenSC case where Claude flagged what looked like a classic buffer overflow—multiple strcat operations that don't check string length before concatenating. Textbook unsafe C code. Except when you actually read the implementation, there's a hardcoded 64-byte limit that makes the whole thing safe. "There is no vulnerability here," Low Level notes. The OpenSC maintainers ended up switching to strlcat anyway, but more as defensive hygiene than fixing an actual bug.

This matters because it surfaces a tension in AI security research: pattern recognition without full context can flag problems that aren't problems. The model sees strcat and rings alarm bells because strcat is often dangerous. But code doesn't exist in a vacuum.

That said—and this is where it gets wild—Claude did find a real vulnerability in Firefox. A complex, stateful bug in how WebAssembly bindings interact with JavaScript. The kind of thing that's genuinely difficult to discover through traditional methods.

When AI Does Exploit Development

Here's what Anthropic actually did: they gave Claude a virtual machine, a task verifier, and 350 attempts to write a working exploit. Total token cost? About $4,000.

For context, a professional exploit developer might make $200,000 annually. This AI did comparable work—on a specific, admittedly constrained task—for the cost of a decent used car.

The Firefox bug involved a use-after-free condition in WebAssembly's JavaScript bindings. As Low Level explains, "from a pure static analysis perspective... this would be very hard to find. And also because it's a weird binding process between web assembly and JavaScript, it's also very hard to fuzz this."

Fuzzing—throwing malformed input at software to find crashes—struggles with grammar-based languages. WebAssembly is grammar-based. So is JavaScript. Finding a stateful bug between two grammars? That's security researcher nightmare difficulty.

But LLMs are weirdly good at reasoning about state when you give them bounded scope. Claude walked through the entire exploit development process: creating an address leak primitive to defeat ASLR (address space layout randomization), forging JavaScript objects at arbitrary addresses, building read and write primitives. The stuff you'd see in a professional exploit chain.

Low Level is clear-eyed about the limitations: "they were not able to break out of the browser sandbox." Getting code execution inside Firefox is one thing. Actually touching the host system requires breaking through another layer of defense. But still. We're watching AI do graduate-level exploit engineering.

The Velocity Problem

The CyberGym project at UC Berkeley benchmarks AI models against 1,500 known vulnerabilities across 188 projects. In May 2024, GPT-4 hit a 7.4% success rate at reproducing target vulnerabilities. Less than a year later, Claude Opus 4.6 is at 66.6%.

That's not incremental improvement. That's a phase shift.

And then there's the malware angle. An Advanced Persistent Threat group (Low Level thinks Russian, but isn't certain) was caught using what researchers are calling "vibe-coded malware"—AI-generated attack tools. The APT can iterate endlessly: change the process injection technique, rewrite the obfuscation algorithm, switch from Rust to Nim to Crystal (a language Low Level hadn't even heard of).

As Low Level puts it: "The ability to just arbitrarily change this under the hood and produce new malware basically for free creates a very difficult problem for defenders."

Industry types coined a term for this: "Distributed Denial of Detection." Which... okay, that's very cybersecurity-industrial-complex. But the concept is real—signature-based defenses struggle when attackers can generate infinite variations.

What This Actually Means

Low Level's advice for regular humans is practical: defense in depth, multi-factor authentication, hardware security keys (he uses YubiKeys daily), keep Windows Defender updated if you're on Windows. Nothing revolutionary, but worth repeating because it's still true.

For security researchers, his take is more nuanced. He's used AI for reverse engineering work himself (on Fortinet firmware, though he's still figuring out how to publish those findings). The tech is legitimately useful. But—and this is critical—you have to verify everything.

"If you do RE with an AI, make sure that you're actually testing it so that you're not causing people to remove their projects from HackerOne because of how much BS they got," he warns.

Which gets at something important that often gets lost in AI security coverage: this isn't about whether AI can find bugs. It demonstrably can. The questions are about false positive rates, about verification workflows, about what happens when everyone has access to exploit-writing capability.

Low Level frames this as "security researchers doing security research alongside an agent that may be working at the same speed if not faster than the researcher themselves." Not replacement. Augmentation. But augmentation that fundamentally changes the economics and timeline of vulnerability research.

We're not in the future yet where AI autonomously pwns the internet. But we're definitely past the point where AI security research is theoretical. The Firefox exploit exists. The malware variations exist. The 66.6% success rate exists.

The question isn't whether this is coming. It's already here. What we do with that information—how defenders adapt, how researchers verify, how the broader security ecosystem adjusts—that's the actual conversation worth having.

—Zara Chen

From the BuzzRAG Team

AI Moves Fast. We Keep You Current.

Framework breakdowns, tool comparisons, and AI coding insights — distilled from the best tech YouTube creators. Free, weekly.

Weekly digestNo spamUnsubscribe anytime

More Like This

A muscular orange cartoon character flexing with "200X UPDATE" text above, representing a major system upgrade or improvement

Claude Code Channels: AI Coding From Your Phone Now

Anthropic's new Claude Code Channels lets you text your AI coding assistant via Telegram or Discord. Here's what it means for autonomous AI agents.

Zara Chen·4 months ago·6 min read
Two ThinkPad laptops from 2010 and 2025 displayed side-by-side, showing 15-year evolution in design and display technology.

Choosing the Perfect Dev Laptop: AI vs. Traditional Coding

Explore top laptops for AI and coding, balancing performance, price, and specs at MicroEnter Phoenix.

Zara Chen·7 months ago·3 min read
A red robot icon and Claude app logo face off against a purple circuit board background with bold yellow text reading…

Claude Just Built OpenClaw's Best Features—Minus the Chaos

Anthropic's Claude rolls out scheduled tasks, auto-memory, and remote control—all the automation you want, none of the security nightmares.

Zara Chen·5 months ago·5 min read
Man with disappointed expression wearing glasses next to curl logo and red "WE QUIT" banner

AI Slop Just Killed Curl's Bug Bounty Program

Daniel Stenberg shut down Curl's bug bounty after AI-generated vulnerability reports overwhelmed his team with fake bugs. What happens when automation breaks good faith?

Zara Chen·5 months ago·6 min read
Man smiling at camera next to whiteboard listing "Top 1% User" techniques including /optimizer, context rot, compaction,…

The Hidden Math Behind Claude's Session Limits

AI automation expert Nate Herk breaks down why Claude users hit session limits—and the counterintuitive strategies that actually work to avoid them.

Zara Chen·3 months ago·5 min read
A man in business attire smiles beside large text reading "CAVEMAN" with a subtitle about token efficiency, featuring…

The Caveman Skill Makes AI Shut Up and Save You Money

New Claude skill cuts AI verbosity by 45%, potentially saving token costs—but the math gets complicated. Here's what actually works and what doesn't.

Zara Chen·3 months ago·5 min read
Man with serious expression next to Claude Design by Anthropic Labs logo on black background

I Tested Claude Design: Here's What Happened to My UI

Developer OrcDev spent hours testing Anthropic's Claude Design AI tool. The results reveal what AI can—and critically can't—do for interface design.

Zara Chen·3 months ago·5 min read
Three app icons showing evolution from cracked 2000 design to colorful 2010 version to modern clean orange loading icon

AI Video Editing: Claude's Natural Language Promise vs Reality

Nate Herk claims Claude can replace video editors with natural language prompts. We tested his methods with Claude Design and Hyperframes to see what actually works.

Mike Sullivan·3 months ago·6 min read

RAG·vector embedding

2026-04-15
1,359 tokens1536-dimmodel text-embedding-3-small

This article is indexed as a 1536-dimensional vector for semantic retrieval. Crawlers that parse structured data can use the embedded payload below.