Nicholas Carlini showed a scaffolded Claude setup that reportedly found a blind SQL injection in Ghost and repeated the pattern against the Linux kernel. The attributed demo shifts cyber-capability debate from abstract evals to disclosed software targets and 90-minute workflows, so readers should treat the result as a specific reported demo.
According to the primary thread, Carlini's demo centered on two concrete case studies: Ghost CMS and a Linux kernel bug in NFS. The Ghost example is the sharper engineering claim. The summary says Claude found a blind SQL injection in Ghost, a project described there as having about 50,000 GitHub stars and no prior critical vulnerability history, then used that path to take an admin API key.
The same account, echoed in the linked-talk post, frames the result as a capability threshold: a model with a "minimal scaffold" autonomously discovering and exploiting bugs in heavily audited software within a 90-minute session. That matters because the claim is no longer just that frontier models score better on security evals; it is that a scaffolded agent reportedly completed an end-to-end vulnerability workflow against disclosed software targets. What remains public, though, is still second-order evidence around a conference presentation and the talk video, not a detailed technical paper or reproduction package.
A top Research Scientist at Anthropic showed how Claude found zero-day vulnerabilities live on stage. By Nicholas Carlini. It discovered a zero-day in Ghost, which has 50,000 stars on GitHub and had never had a critical security vulnerability in its history. In 90 minutes, itĀ Show more
