The post Orbital Ambitions: Anthropic Taps Musk’s “Colossus” to Double Claude’s Power and Eye the Stars appeared first on Daily CyberSecurity.

The post PromptMink Tricked AI Agents into Planting Malware appeared first on Daily CyberSecurity.

PocketOS founder says Cursor AI agent deleted its production database in 9 seconds after misusing a root API token, exposing major Railway security flaws.

Claude Opus created a working Chrome exploit for $2,283, showing that widely available AI models can already find and weaponize vulnerabilities.

Claude Opus managed to produce a functional Chrome exploit for just $2,283, raising concerns about how easily AI can be used to find and exploit vulnerabilities.

Below is the cost of the experiment:

Model	Tokens	Cost
Claude Opus 4.6 (high)	2,140M	$2,014
Claude Opus 4.6 (high-thinking)	189M	$267
Claude Sonnet / GPT-5.4 (minor)	—	~$2
Total	2,330M across 1,765 requests	$2,283

While Anthropic held back its more advanced Mythos model over safety fears, even earlier, widely accessible models like Opus 4.6 can already generate real attack code, showing that the risk is not theoretical but already here.

“I pointed Claude Opus at Discord’s bundled Chrome (version 138, nine major versions behind upstream) and asked it to build a full V8 exploit chain. The V8 OOB we used was from Chrome 146, the same version Anthropic’s own Claude Desktop is running.” wrote Mohan Pedhapati, CTO of Hacktron. “A week of back and forth, 2.3 billion tokens, $2,283 in API costs, and about ~20 hours of me unsticking it from dead ends. It popped calc.”

Building the Chrome exploit cost about $6,283, but the return can easily exceed that. Programs like Google’s v8CTF pay $10,000 per valid exploit, and past submissions earned $5,000, with even higher offers appearing privately. Similar bugs could bring large rewards from companies like Anthropic. Overall, the cost already pays off in legitimate bug bounty programs, and could be far more profitable in underground markets.

Anthropic Mythos announcement sparked debate, with some calling it hype and others raising alarms. Beyond the noise, it highlights a real issue: AI models can already turn patches into working exploits, as shown with Chrome’s V8. The real risk lies in slow patching, outdated systems become easy targets. Whether Mythos lives up to the hype or not, progress won’t stop. Sooner or later, even low-skilled attackers with access to AI tools will exploit unpatched software.

The experts pointed out that Electron apps like Discord, Slack, and Teams bundle their own Chromium versions, often lagging weeks or months behind updates. This creates “patch gaps” where known V8 vulnerabilities remain exploitable. Researchers have already shown real-world exploits, including remote code execution on Discord. Many apps still run outdated versions, sometimes missing key protections like sandboxing, making full exploit chains easier. As a result, widely used applications remain exposed to known flaws long after patches exist upstream.

“I picked Discord as my target. It only needs two bugs for a full chain since there’s no sandbox on the main window. It’s sitting on Chrome 138, nine major versions behind current.” continues Pedhapati. “You’d still need an XSS on discord.com to deliver the payload. I’ll leave how hard that is as an exercise for the reader.”

Pedhapati explained that Claude Opus still needs heavy human guidance to build exploits. It often gets stuck, loses context, guesses instead of verifying, and even changes the goal when it can’t solve a problem. It doesn’t recover on its own, so the operator must step in, debug issues, and guide it forward. Setting up the right environment and managing sessions also takes significant effort.

Even with these limits, the trend is clear: future models will need less supervision. As AI speeds up exploit development, it shrinks the time needed to weaponize bugs, while patching still lags. This gap will likely increase real-world attacks.

Security patches themselves reveal vulnerabilities, and AI can quickly turn them into exploits. Open-source code makes this easier, since fixes appear publicly before updates spread. You can’t hide these changes anymore, AI can scan and analyze everything.

“Every patch is basically an exploit hint. A security patch in Chromium or the Linux kernel tells you exactly what was broken. Reverse-engineering patches used to take skill and time. Now you can throw tokens at the problem and, with a decent operator nudging it past stuck points, get to a working exploit much faster.” continues the expert.

The real advantage goes to small, skilled teams. One expert can manage multiple AI-driven exploit efforts at once, greatly increasing their impact compared to less capable attackers.

The researchers doubts AI progress will slow and warns that simply saying “patch faster” isn’t enough. Teams should build security into development from the start, track all dependencies to know what they run, and enforce automatic updates to remove delays. He also suggests rethinking how and when patches get published, since public fixes can quickly turn into exploit blueprints for attackers using AI.

“This sounds crazy, but maybe Chrome, or any open source software, shouldn’t publish V8 patches before the stable release ships. Every public commit is a starting gun for anyone with an API key and strong team members who can weaponize exploits.” he concludes.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Claude)

Anthropic used Claude Opus 4.6 to identify 22 Firefox vulnerabilities, most of which were high severity, all of which were fixed in Firefox 148, released in January 2026.

Anthropic discovered 22 security vulnerabilities in Firefox using its Claude Opus 4.6 AI model in January 2026. Mozilla addressed these issues in Firefox 148.

The researchers state that AI models are now capable of finding high-severity software flaws independently. They identified 22 Firefox vulnerabilities in two weeks, 14 of which were high-severity, nearly a fifth of all high-severity Firefox issues fixed in 2025, demonstrating AI’s ability to rapidly detect critical security risks in complex software.

In late 2025, Anthropic evaluated Claude Opus 4.6 on Firefox to test its ability to identify complex, high-impact security vulnerabilities. Initially, the model successfully reproduced many historical CVEs from older Firefox versions. Researchers then tasked Claude with finding new, previously unreported bugs, starting with the JavaScript engine. Within twenty minutes, Claude identified a Use After Free vulnerability, which the team validated and reported to Mozilla along with a proposed patch. While triaging, Claude discovered dozens of additional crashes, leading to a total of 112 unique reports across nearly 6,000 C++ files.

“After a technical discussion about our respective processes and sharing a few more vulnerabilities we had manually validated, they encouraged us to submit all of our findings in bulk without validating each one, even if we weren’t confident that all of the crashing test cases had security implications.” reads the report published by Anthropic. “By the end of this effort, we had scanned nearly 6,000 C++ files and submitted a total of 112 unique reports, including the high- and moderate-severity vulnerabilities mentioned above. “

Most issues, including high- and moderate-severity vulnerabilities, were fixed in Firefox 148, with remaining patches planned for future releases.

Mozilla praised the collaboration and began experimenting internally with AI-assisted security research. This project demonstrates AI’s growing capacity to rapidly detect and report critical software flaws.

To test Claude Opus 4.6’s ability to exploit vulnerabilities, researchers provided it with bugs previously submitted to Mozilla and asked it to create functional exploits. Claude attempted several hundred tests, demonstrating attacks that read and wrote local files, spending around $4,000 in API credits. It successfully produced working exploits in only two cases, showing that while the model excels at finding vulnerabilities, exploiting them remains far more difficult and costly.

“We ran this test several hundred times with different starting points, spending approximately $4,000 in API credits. Despite this, Opus 4.6 was only able to actually turn the vulnerability into an exploit in two cases. This tells us two things.” continues the report. “One, Claude is much better at finding these bugs than it is at exploiting them. Two, the cost of identifying vulnerabilities is an order of magnitude cheaper than creating an exploit for them. However, the fact that Claude could succeed at automatically developing a crude browser exploit, even if only in a few cases, is concerning.”

The successful exploits were “crude” and worked only in controlled test environments with security features like sandboxing disabled, meaning real-world impact would be limited. Nonetheless, Claude’s ability to automatically generate even primitive browser exploits highlights the potential risks as AI-assisted offensive capabilities advance.

“These early signs of AI-enabled exploit development underscore the importance of accelerating the find-and-fix process for defenders.” concludes the report. “In our experience, Claude works best when it’s able to check its own work with another tool. We refer to this class of tool as a “task verifier”: a trusted method of confirming whether an AI agent’s output actually achieves its goal. Task verifiers give the agent real-time feedback as it explores a codebase, allowing it to iterate deeply until it succeeds. Task verifiers helped us discover the Firefox vulnerabilities described above,² and in separate research, we’ve found that they’re also useful for fixing bugs.”

Mozilla reported that AI-assisted analysis uncovered 90 additional Firefox bugs, mostly fixed, including logic errors missed by traditional fuzzing, highlighting AI’s growing role in security.

“The scale of findings reflects the power of combining rigorous engineering with new analysis tools for continuous improvement. We view this as clear evidence that large-scale, AI-assisted analysis is a powerful new addition in security engineers’ toolbox.” states Mozilla.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Anthropic Claude)