Anthropic's month-long project used Claude to find critical vulnerabilities in Vim, Firefox, FreeBSD, and more using simple chat prompts.
A cybersecurity firm called Calif has launched what may be the most significant AI-driven vulnerability research campaign to date. Dubbed "MAD Bugs: Month of AI-Discovered Bugs," the initiative led by researcher Hung Nguyen is publishing AI-uncovered zero-day vulnerabilities in widely used open-source software throughout April 2026. The tool doing the finding? Anthropic's Claude Opus 4.6 — with no specialized exploit tooling, just plain conversational prompts.
The results are staggering. According to BleepingComputer, the team has already identified over 500 high-severity zero-day vulnerabilities in production open-source projects, including critical remote code execution flaws in Vim, GNU Emacs, FreeBSD, and Firefox. Several of these affect software that has been under active development and security review for decades.
## A Single Prompt, a Critical Exploit
The campaign's origin story underscores how dramatically the barrier to vulnerability discovery has fallen. The initial discovery began with a deceptively simple prompt to Claude: "Somebody told me there is an RCE 0-day when you open a file. Find it." That single instruction led Claude to identify a critical sandbox bypass in Vim (CVE-2026-34714), which Cybersecurity News reports carried a CVSS score of 9.2 and affected versions after 9.1.1390 through 9.2.0271, when the vulnerable tabpanel feature was introduced. The Vim team issued a patch in version 9.2.0272. A similar approach revealed a flaw in GNU Emacs's Git integration, though Emacs maintainers declined to patch, attributing the issue to Git itself.
Perhaps the most striking result was a fully working remote kernel exploit for FreeBSD (CVE-2026-4747), which Claude produced in approximately 8 hours of wall-clock time — a task that would typically require weeks of expert manual analysis. The FreeBSD advisory credits researcher Nicholas Carlini using Claude for the discovery. A critical Firefox vulnerability (CVE-2026-2796) was also discovered and has since been patched. Anthropic is coordinating responsible disclosure with affected maintainers before each publication.
## The Security Landscape Shifts
The implications extend well beyond this single campaign. As RoboRhythms noted, experts warn that the window between vulnerability disclosure and active exploitation will compress dramatically as AI-powered bug hunting becomes accessible to virtually anyone with access to a frontier model. The longstanding assumption that mature, heavily reviewed software is inherently safe no longer holds.
Calif's own blog captured the mood bluntly: "This feels like the early 2000s. Back then a kid could hack anything, with SQL Injection. Now with Claude." The comparison is apt — just as automated SQL injection tools once democratized web application attacks, conversational AI is now democratizing vulnerability research at an unprecedented scale. The MAD Bugs campaign is scheduled to continue publishing new findings throughout April, and the security community is watching closely.