Anthropic Claude Opus Model Successfully Engineers Chrome Exploit for Two Thousand Dollars

Anthropic's Claude Opus model was used to create a $2,283 exploit chain for Chrome, highlighting new risks in AI-assisted cyberattacks on apps like Discord.

By: AXL Media

Published: Apr 18, 2026, 8:33 AM EDT

Source: Information for this report was sourced from The Register.


Commercial AI Models Overcome Cyber Security Barriers

While the technology industry remains focused on the potential risks of unreleased "frontier" models, current mainstream artificial intelligence is already proving capable of sophisticated cyberattacks. Mohan Pedhapati, the CTO of security firm Hacktron, recently utilized Anthropic’s Opus 4.6 model to construct a full exploit chain against the V8 JavaScript engine. This development confirms that even without access to specialized tools like Anthropic’s withheld Mythos model, existing large language models possess the reasoning capabilities required to identify and weaponize software vulnerabilities in popular consumer applications.

The Financial Mechanics of Automated Exploitation

The technical feat was achieved through a week of iterative prompting, consuming approximately 2.3 billion tokens and resulting in $2,283 in API costs. Pedhapati noted that while this figure may seem high for a casual user, it represents a fraction of the cost associated with manual exploit development by human engineers. Given that bug bounty programs for companies like Google and Discord can offer rewards upwards of $15,000 for similar discoveries, the use of AI for exploit generation has reached a point of clear economic viability for both legitimate researchers and malicious actors.

Discord and the Electron Framework Vulnerability

The exploit specifically targeted Discord, which currently operates on Chrome 138, a version that lags nine major releases behind the current Google Chrome build. This discrepancy highlights a systemic weakness in the Electron framework, which powers popular apps like Slack and Discord. Because these applications bundle specific versions of the Chrome engine, they often remain vulnerable to "N-day" exploits long after Google has patched the underlying V8 engine. Pedhapati successfully "popped calc," a standard industry term for gaining remote code execution, to prove the system was fully compromised.
