TechFlow 深潮 | Mar 30, 2026 13:08
Anthropic security researcher Nicholas Carlini, whose paper has been cited 67200 times on Google Scholar, is one of the most cited individuals in this field.
He recently stated publicly that Claude is a better security researcher than he is.
After he pointed Claude at Ghost (a publishing platform with 50000 GitHub stars and no high-risk vulnerabilities in its history) for 90 minutes, Claude found an SQL injection vulnerability that allows anyone, without any permissions, to obtain the administrator key directly and gain full access to the backend.
He then pointed Claude at the Linux kernel, where Claude found a buffer overflow vulnerability. The flaw had been hidden there since 2003 and has existed for 23 years. Carlini said that a vulnerability of this level is extremely difficult to detect even through manual auditing by experienced security experts.
In smart contract testing, Claude identified approximately $3.7 million worth of exploitable vulnerabilities in a simulated environment.
Carlini said that he himself cannot achieve Claude's level in these tasks.
The most painful part of this is not that AI has found a vulnerability, but that Carlini is still working.