According to an exclusive Axios report, Anthropic’s Claude large language model has consistently outperformed most human competitors in student hacking scenarios with minimal external support. This capability was showcased during various competitions ahead of a DEF CON presentation.
Anthropic’s red-team hackers noted Claude’s success. Keane Lucas, a member of the team, initially entered Claude into Carnegie Mellon’s PicoCTF. Lucas indicated that he simply pasted the first challenge directly into Claude.ai. Claude required a third-party tool download for a single aspect, but then solved the problem. Claude achieved a top 3% ranking in PicoCTF, which is a significant capture-the-flag competition for students focusing on reverse-engineering, system breaches, and file decryption.
Lucas further tested Claude, utilizing Claude.ai and Claude Code, with Sonnet 3.7 as the model. The red team’s assistance was limited, primarily for software installations. In one competition, Claude solved 11 of 20 challenges in 10 minutes. An additional 10 minutes led to five more solutions, raising its rank to fourth place. Claude’s ascent to first place in that competition was missed because Lucas was briefly unavailable at the start time.
The performance of AI agents in offensive cybersecurity is rising. In the Hack the Box competition, five of eight AI teams, including Claude, completed 19 of 20 challenges, while only 12% of human teams achieved all 20. Last week, Xbow, a DARPA-backed AI agent, reached the top position on HackerOne’s global bug bounty leaderboard. Lucas stated, “The pace is kind of ridiculous.”
Despite successes, Claude encountered difficulties with challenges outside its expected parameters. In one Western Regional Collegiate Cyber Defense Competition challenge, Claude failed to process an animation of ASCII fish in the Terminal. Lucas noted, “A human can Control+C out of that and get it to stop,” but Claude “just gets amnesia.” All AI teams, including Claude, became stuck on the final Hack the Box challenge, with organizers noting, “Why the agents failed here is still uncertain.”
Anthropic’s red team expresses concern that the cybersecurity community has not fully assessed the progress of AI agents in offensive security tasks, and the potential for their use in defensive strategies. Logan Graham, head of Anthropic’s Frontier Red Team, informed Axios, “It seems really probable in the very near future, models will get a lot, lot better at cybersecurity tasks.” He emphasized, “You need to start getting models to do the defenses, as well.” Anthropic suggests that fully AI employees could be present within a year, according to a report.
