Anthropic released Claude Opus 4.6 on February 5, positioning it as both a security research tool and an enterprise workhorse. During internal red-team testing, the model found over 500 previously unknown high-severity vulnerabilities in open-source libraries without being explicitly instructed on methodology.
The model used standard security tools (fuzzers, debuggers) but devised its own approaches, including analyzing Git history to find bugs in GhostScript and creating custom proofs-of-concept for the CGIF library. In simulated smart contract testing, Opus 4.6 identified exploits worth $3.5 million compared to GPT-5's $1.12 million, and found two zero-days worth $3,694 across 2,849 contracts.
For enterprise deployments, Opus 4.6 brings a 1 million token context window (useful for analyzing entire codebases or regulatory filings) and scored 76% on the MRCR v2 needle-in-haystack benchmark versus Sonnet 4.5's 18.5%. The model autonomously closed 13 GitHub issues and handled multi-million-line code migrations at firms like SentinelOne. Anthropic's new "Agent Teams" feature allows multiple Claude instances to coordinate in parallel, reportedly handling the equivalent of a 50-person team's workflow in one day.
Anthropic now has 300,000+ business users. The company added cybersecurity safeguards to prevent misuse, though their documentation acknowledges these may complicate legitimate security research and defensive operations.
The real question is whether simulation performance translates to production environments. Finding $3.5 million in theoretical exploits is different from securing live infrastructure. CTOs evaluating Opus 4.6 should pilot it on internal code reviews and legacy system analysis before committing to broader adoption. The vulnerability discovery capability is impressive, but mature security teams will want to see how it performs against their specific codebases.
Anthropic says it's exploring tools to share vulnerability findings more broadly with the open-source community. We'll see if that materializes beyond this announcement.