February 10, 2026 Anthropic’s newly released Claude Opus 4.6 has already uncovered over 500 previously unknown, high-severity vulnerabilities across major open-source libraries, including Ghostscript, OpenSC and CGIF. The AI model, launched on Feb. 5, didn’t just pass benchmarks but cracked through real-world software with no extra prompting, tools or guidance.
Positioned as a next-generation reasoning model, Claude 4.6 is demonstrating something frontier models have long promised but rarely delivered: unsupervised, expert-level code analysis. According to Anthropic, the model identified bugs that traditional fuzzers and even experienced engineers routinely miss, thanks to what the company describes as “researcher-like” reasoning and contextual pattern recognition.
“Opus 4.6 reads and reasons about code the way a human researcher would—looking at past fixes to find similar bugs that weren’t addressed, spotting patterns that tend to cause problems, or understanding a piece of logic well enough to know exactly what input would break it,” Anthropic said.
The model’s findings weren’t theoretical. Among the vulnerabilities patched after Claude’s analysis were a buffer overflow in OpenSC and a crash-triggering bug in Ghostscript. One of the most sophisticated flaws came from CGIF, a C library for writing GIFs, where Claude located a heap buffer overflow by understanding the mechanics of the LZW algorithm.
Anthropic’s internal red team set up a sandboxed environment to test Claude’s limits. The AI was handed common debugging tools like fuzzers and debuggers, but wasn’t told how to use them. It still managed to sift through commit logs, interpret vulnerable patterns, and isolate the most serious memory corruption issues, many of which were validated and responsibly disclosed.
Anthropic is positioning Claude not just as an assistant for coders but as an essential tool for the cybersecurity community. Yet, the same power raises concerns. Earlier disclosures from the company admit that Claude models, including this one, can execute multi-stage attacks using only public tools.
The success of Claude 4.6 highlights a shift in AI from productivity to infrastructure defence and possibly offence. It also puts pressure on defenders to adopt equally sophisticated tools to keep pace with a landscape where AI is increasingly on both sides of the firewall.
