speckxFeb 5

Opus 4.6 uncovers 500 zero-day flaws in open-source code

https://www.axios.com/2026/02/05/anthropic-claude-opus-46-software-hunting

Exclusive: Anthropic's new model is a pro at finding security flaws

The AI company sees the model's advancements as a major win for cyber defenders in the race against adversarial AI.

Axios
Show threadmrkeen

Daniel Stenberg has been vocal the last few months on Mastodon about being overwhelmed by false security issues submitted to the curl project.

So much so that he had to eventually close the bug bounty program.

https://daniel.haxx.se/blog/2026/01/26/the-end-of-the-curl-b...

The end of the curl bug-bounty

tldr: an attempt to reduce the terror reporting. There is no longer a curl bug-bounty program. It officially stops on January 31, 2026. After having had a few half-baked previous takes, in April 2019 we kicked off the first real curl bug-bounty with the help of Hackerone, and while it stumbled a bit at first … Continue reading The end of the curl bug-bounty →

daniel.haxx.se
Feb 5 at 6:59pmWeb
Show threadtptacekFeb 5
We're discussing a project led by actual vulnerability researchers, not random people in Indonesia hoping to score $50 by cajoling maintainers about atyle nits.
Show threadmalfistFeb 5
Vulnerability researches with a vested interest in making LLMs valuable. The difference isn't meaningful
Show threadtptacekFeb 5
I don't even understand how that claim makes sense.
Show threadjudemelanconFeb 5

The first three authors, who are asterisked for "equal contribution", appear to work for Anthropic. That would imply an interest in making Anthropic's LLM products valuable.

What is the confusion here?

Show threadtptacekFeb 5
The notion that a vulnerability researcher employed by one of the highly-valued companies in the hemisphere, publishing in the open literature with their name signed to it, is on a par with a teenager in a developing nation running script-kid tools hoping for bounty payoffs.
Show threaddelusionalFeb 5

You don't see how thats even directionally similar?

I guess I'll spell it out. One is a guy with an abundance of technology, that he doesn't know how to use, that he knows can make him money and fame, if only he can convince you that his lies are truth. The other is a bangladeshi teenager.

Show threadtptacekFeb 5
I don't even understand how that claim makes sense.
Show threadjudemelanconFeb 5

To preemptively clarify, I'm not saying anything about these particular researchers.

Having established that, are you saying that you can't even conceptualize a conflict of interest potentially clouding someone's judgement any more if the amount of money and the person's perceived status and skill level all get increased?

Disagreeing about the significance of the conflict of interest is one thing, but claiming not to understand how it could make sense is a drastically stronger claim.

Show threadtptacekFeb 5
I'm responding to "the difference isn't meaningful". Obviously, the difference is extremely meaningful.
Show threadnextaccounticFeb 6

> in Indonesia

That's uncalled for.. there's actual security researches in Indonesia and other countries you could use to exemplify this

Show threadtptacekFeb 7
You're right. I'm sorry about that. I know there are, and there's no reason to single out Indonesia in particular.