Claude Opus 4.6 Generated Chrome Exploit for $2,283 in API Costs
Anthropic's Claude Opus 4.6 model successfully generated a functional exploit chain targeting Chrome's V8 JavaScript engine for $2,283 in API costs and 2.3 billion tokens. Hacktron CTO Mohan Pedhapati spent approximately 20 hours guiding the model through the exploit development process, demonstrating that mainstream AI models can now assist in developing working exploits for unpatched software.
Claude Opus 4.6 Generated Chrome Exploit for $2,283 in API Costs
Anthropic's Claude Opus 4.6 model successfully generated a functional exploit chain targeting Chrome's V8 JavaScript engine for $2,283 in API costs, according to research published by Hacktron CTO Mohan Pedhapati.
The demonstration, which cost 2.3 billion tokens and required approximately 20 hours of human guidance, targeted Chrome 138 bundled in Discord. The exploit chain successfully achieved code execution—demonstrated by opening the calculator app, a standard proof-of-concept indicator.
Cost Analysis and Implications
At $2,283, the exploit development cost represents a fraction of what comparable manual work would require. Pedhapati notes this amount is significantly less than the theoretical $15,000 reward available through Google's and Discord's vulnerability reward programs, even before accounting for the weeks of manual work saved.
The research used publicly known vulnerabilities from Chrome 146—the same version running in Anthropic's own Claude Desktop application—to demonstrate the exploit development capabilities.
Model Capabilities and Safeguards
According to Anthropic's Opus 4.7 System Card, the newer Opus 4.7 model released Thursday shows "roughly similar" cyber capabilities to Opus 4.6. However, Opus 4.7 includes safeguards that "automatically detect and block requests that indicate prohibited or high-risk cybersecurity uses."
Anthropic has withheld its Mythos bug-finding model from public release specifically due to concerns about enabling attackers to find and exploit vulnerabilities before patches are available. Despite this, Pedhapati's work demonstrates that publicly available models already possess significant exploit development capabilities.
Security Implications
The research highlights a critical security challenge: Discord was running Chrome 138, nine major versions behind the current Chrome 147.0.7727.101/102. Electron 41.2.1, released April 15, bundles Chrome 146.0.7680.188—just one version behind current—but Electron-based applications don't necessarily update their dependencies immediately.
"Whether Mythos is overhyped or not doesn't matter," Pedhapati said. "The curve isn't flattening. If not Mythos, then the next version, or the one after that. Eventually, any script kiddie with enough patience and an API key will be able to pop shells on unpatched software."
Recommendations
Pedhapati argues that as AI models become more capable of exploit development, the vulnerability window narrows significantly. His recommendations include:
- Implementing automatic security patches to eliminate user dependency on manual updates
- Focusing on security before code deployment
- Faster dependency updates, particularly for Electron-based applications
- More cautious disclosure timing for open source projects, as "every public commit is a starting gun for anyone with an API key"
What This Means
This demonstration confirms that publicly available frontier AI models have reached the capability threshold for practical exploit development, even if they require human guidance to overcome obstacles. The $2,283 price point makes this accessible to a wide range of actors, not just nation-states or well-funded groups. The security industry's traditional patch-and-update cycle may be insufficient when AI can accelerate exploit development from weeks to days. Organizations running software with known vulnerabilities—particularly Electron-based applications lagging behind Chrome releases—face materially increased risk.
Related Articles
China warns of backdoor in Anthropic's Claude Code versions 2.1.91-2.1.196
China's Ministry of Industry and Information Technology warned Wednesday that Anthropic's Claude Code AI coding tool contains a backdoor vulnerability in versions 2.1.91 to 2.1.196. Anthropic confirmed the backdoor was an anti-distillation experiment, as tensions escalate after the company last month accused Alibaba of attempting to extract its AI capabilities.
Anthropic Restores Claude Fable 5 After Government Takedown, With Stricter Cybersecurity Blocks
Anthropic is redeploying Claude Fable 5 after a month-long government-mandated takedown triggered by Amazon researchers discovering a method to bypass the model's cybersecurity safeguards. The returning version includes enhanced safety classifiers that automatically block cybersecurity tasks and revert to Opus 4.8, with restricted availability through usage credits only.
Anthropic offers K-12 teachers free year of Claude Pro with educational tools through June 2027
Anthropic launched Claude for Teachers, offering K-12 educators in the United States free access to premium Claude features for one year. The program includes Claude Cowork, Claude Code, and education-focused skills developed with Learning Commons, with applications open until June 30, 2027.
Anthropic launches rupee pricing for Claude in India at ₹2,000/month, its second-largest market
Anthropic has begun displaying rupee-denominated pricing for Claude subscriptions in India, its second-largest market after the US with 5.8% of global usage. Claude Pro is priced at ₹2,000 ($21) monthly when billed annually, compared to $17 in the US, with Indian prices including local taxes.
Comments
Loading...