Measuring LLMs’ ability to develop exploits
… The evaluation framework supports toggleable security mitigations, such as the V8 heap sandbox and Linux Kernel Address Space Layout Randomization KASLR . …
… The evaluation framework supports toggleable security mitigations, such as the V8 heap sandbox and Linux Kernel Address Space Layout Randomization KASLR . …
… Compare this to Claude Code, where a privileged process sits outside the sandbox deciding per-command whether to enforce it; a persuasive injected prompt or a fatigued approval click can get that process to run something un-sandboxed. …
… As we recently documented, Claude found more than 500 zero-day vulnerabilities security flaws that are unknown to the software’s maintainers in well-tested open-source software. …
… Additional results Footnotes 1 One proxy for estimating the value of a software vulnerability is the bug bounty—the amount a company offers security researchers for responsibly disclosing flaws in its code. …
… Degrade security posture. …