The claim is serious, but narrower than a plain reading of “Chrome exploit” suggests. Pedhapati’s write-up describes the target as Chrome for Testing 138 on ARM64 macOS and says Discord Desktop was using Chrome 138 while current upstream Chrome had already moved to version 147. Google’s Chrome release notes show version 147.0.7727.55 and.56 were promoted to the stable channel on April 7, while the National Vulnerability Database says CVE-2026-5873, an out-of-bounds read and write flaw in V8, affected Chrome versions prior to that build and could allow arbitrary code execution inside the sandbox through a crafted HTML page.
That chronology matters because Pedhapati did not present the model as an autonomous cyber weapon that could break a fully patched mainstream browser on its own. His account says the model needed repeated steering, multiple sessions and human judgement to get past dead ends. He wrote that he selected a bug he believed was workable, used patch information to help the model construct an out-of-bounds primitive, then pointed it at a disclosed sandbox-bypass issue from the Chromium tracker to complete the chain. He also noted that an XSS on discord. com would still be needed to deliver such a payload against Discord itself.
Even with those caveats, the episode lands awkwardly for anyone arguing that offensive AI remains mostly theoretical outside controlled demonstrations. Pedhapati’s larger point is that exploit development for complex software has been constrained by scarce human expertise, and that models can now compress parts of that work into something faster and cheaper. His target choice also revived an older concern around Electron-style applications that ship with their own Chromium versions and can lag well behind upstream security fixes, leaving known browser flaws exposed after patches are public.
Anthropic’s own published research already points in the same direction, though with more restraint. On March 6, the company said Claude Opus 4.6 had found 22 Firefox vulnerabilities over two weeks and that it managed to turn a bug into an exploit only twice, despite being given hundreds of attempts. Anthropic stressed that those exploits worked only in a testing environment with some modern browser protections intentionally removed and said the model was not yet writing full-chain exploits that could escape the browser sandbox in the kind of real-world manner that would cause the most harm.
Yet Anthropic has also been warning that the broader trajectory is moving fast. On April 7 it launched Project Glasswing with partners including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks, saying its unreleased Mythos Preview model had already found thousands of high-severity vulnerabilities across major operating systems and browsers. Reuters reported that Anthropic paired that effort with up to $100 million in usage credits and $4 million in donations for open-source security work, underscoring how aggressively the industry is trying to tilt such capability towards defence before wider diffusion makes that harder.
Regulators and large institutions are now treating that risk as more than a laboratory concern. Reuters reported on April 17 that Anthropic was in discussions with the European Commission about its cyber-security models and the obligations to assess and mitigate any associated risks. Separate Reuters reporting the same week said Barclays chief executive C. S. Venkatakrishnan had described Mythos as a serious threat and warned that stronger successors would follow. Another Reuters report on Anthropic’s cyber push cited a survey by IBM and Palo Alto Networks in which 67% of 1,000 executives said they had been targeted by AI attacks within the past year.
Follow Arabian Post
Select Arabian Post as your preferred source on Google and MSN News for trusted business news and Arab politics and updates.
