Nicolas Carlini (67.2k citations on Google Scholar) says Claude is a better security researcher than him, made $3.7 million from exploiting smart contracts, and found vulnerabilities in Linux and Ghost

In a viral interview, renowned AI security researcher Nicolas Carlini made a startling admission: Anthropic's Claude large language model is a more effective security researcher than he is. Carlini, whose work has over 67,000 citations, detailed how Claude discovered a significant buffer overflow vulnerability in the Linux kernel that had gone undetected since its introduction in 2003. This type of low-level memory corruption bug is notoriously difficult to find and exploit, and Carlini noted he had never successfully executed one himself, highlighting the AI's unique capability.

Beyond operating systems, Claude demonstrated exceptional skill in smart contract auditing, identifying critical vulnerabilities that resulted in $3.7 million in bug bounty rewards. This practical, high-value output moves beyond theoretical research and into tangible financial impact. Carlini's endorsement carries significant weight in the security community and signals a major shift in how vulnerabilities might be discovered. He predicts this is just the beginning, expecting LLMs to become exponentially better at security tasks, potentially automating large portions of offensive and defensive cybersecurity work.