I Let Claude Opus Write a Chrome Exploit: The Next Model (Mythos?) Won't Need My Help?

April 16, 2026
aisecuritybusinessscience
Close-up of a woman typing on a laptop positioned on a wooden table, focused workspace environment.
Photo by cottonbro studio on Pexels

The experiment and its result

It has been reported that a researcher pointed Anthropic’s Claude Opus at Discord’s bundled Chromium (version 138, nine major versions behind upstream) and asked it to craft a full V8 exploit chain. After about a week of back-and-forth prompts, roughly 2.3 billion tokens, $2,283 in API charges and some ~20 hours of manual nudging to get it un-stuck, the model allegedly produced a working chain that “popped calc” — a classic proof-of-concept. Small print: the V8 OOB used was from Chrome 146, which some say is the same runtime Claude Desktop runs on; allegedly, that coincidence mattered.

Why this matters (and why you should squirm a little)

So what changed? Not the laws of physics. The model didn’t sprout intentions. But it did demonstrate that a large, capable LLM can be guided to assemble complex, multi-step exploit code when given time, compute, and a human in the loop. That human intervention wasn’t trivial — think of it as heavy prompt engineering and troubleshooting, not a push-button hack. Still: technology that reduces the expertise-and-time barrier to weaponizing bugs is, to put it mildly, a headline you don’t want.

The broader scene

This is part of a larger trend: models are getting very good at coding, and "vibecoding" — playful, high-energy coding sessions with LLMs — is becoming a real research method. Security folk are both excited and terrified. Excited because these tools speed up legitimate research and fuzzing; terrified because the same pattern can lower the bar for misuse. Regulators, platform owners, and AI labs will have to wrestle with disclosure norms, API guardrails, and escape-hatch monitoring faster than they’ve had to before. Who’s responsible when an assistant writes the last mile of an exploit? Good question.

A terse takeaway

The headline isn’t that AI magically learned to hack on its own. It’s that, with the right prompts and patience, an assistant can do far more of the heavy lifting than previous generations. That’s promising — and unnerving. Patches, hardened runtimes and better applied AI safety practices are not optional. The community should treat this as a wake-up call, not a fever dream.

Sources: hacktron.ai, Lobsters