AI’s Dark Side: How Claude Opus Supercharged a Real Chrome Browser Exploit

When a security researcher set out to see if Anthropic’s flagship AI, Claude Opus, could help build a working Chrome browser exploit, few expected the result: a fully functional attack chain, crafted in days, that broke out of the world’s most widely used browser engine. The implications are as chilling as they are immediate - AI is no longer just a tool for defenders, but a force multiplier for skilled attackers.

Fast Facts

• Claude Opus, guided by a security expert, helped create a working exploit for Chrome’s V8 engine in about a week.
• The attack targeted an outdated Chromium build (used in Discord Desktop), exploiting a known V8 vulnerability (CVE-2026-5873).
• The process involved 1,765 API requests, 2.33 billion tokens, and cost over $2,200 in compute fees.
• The AI needed strong human supervision, acting as a powerful but inconsistent assistant, not an autonomous hacker.
• Anthropic has restricted release of its most advanced models, citing risks that AI could surpass most human hackers in finding and exploiting bugs.

The experiment, led by Mohan Pedhapati (aka s1r1us), CTO of Hacktron, was more than just a technical stunt. It was a warning shot. The target: Discord Desktop, running on an old Chromium version (Chrome 138) full of patched but unaddressed vulnerabilities. By focusing on CVE-2026-5873 - a serious out-of-bounds memory flaw in V8 - Pedhapati and Claude Opus pieced together an exploit chain that ultimately achieved code execution on ARM64 macOS. The classic “Calculator app pops up” demo confirmed the attack’s success.

What’s striking isn’t just that the exploit worked, but how it came together. Claude Opus was fed patch notes, debugging sessions, and technical hints. After 27 failed strategies and 22 iterative sessions, the model finally cracked the sequence. The process burned through billions of tokens and required nearly a full day of hands-on expert oversight. In other words: the AI wasn’t a rogue hacker, but it made a skilled researcher dramatically faster and more effective.

For defenders, the lesson is clear and uncomfortable. “N-day” vulnerabilities - bugs already known and patched in upstream Chrome - remain a goldmine for attackers when bundled Chromium in apps like Discord lags behind. AI models like Claude Opus can now help weaponize these bugs at unprecedented speed and scale, even if human expertise is still essential. Anthropic itself has acknowledged the risks, limiting access to its most advanced tools and launching Project Glasswing, a coalition with tech giants to secure software before cybercriminals can exploit AI’s offensive potential.

The landscape is shifting. Bundled browsers and patch delays are now critical exposures, and AI is changing the game not by replacing hackers, but by making them faster, cheaper, and harder to ignore. The arms race between attackers and defenders just got a powerful new player - and the clock is ticking.

WIKICROOK

• V8 Engine: The V8 engine is Google's technology for running JavaScript and WebAssembly, enabling fast, interactive websites and web applications in Chrome and beyond.
• Out: Out-of-Band Verification confirms identity using a separate channel, like a phone call or text, to enhance security and prevent unauthorized access.
• CVE: CVE, or Common Vulnerabilities and Exposures, is a system for uniquely identifying and tracking publicly known cybersecurity flaws in software and hardware.
• Electron: Electron is a framework for building cross-platform desktop apps using web technologies, bundling its own browser engine and JavaScript runtime.
• Exploit Chain: An exploit chain is a series of linked vulnerabilities that attackers use together to breach a system, bypassing security through multiple steps.

As AI continues its relentless advance, security teams must adapt - or risk being left behind. The future of cyber offense isn’t science fiction anymore. It’s here, armed with billions of tokens and a tireless digital assistant. Will defenders rise to the challenge?