Anthropic’s Claude dug up a critical remote code execution (RCE) bug that sat quietly inside Apache ActiveMQ Classic for over a decade. Researchers at Horizon3.ai say that it only took minutes for their team to work out an exploit chain for the bug with the help of AI. The researcher behind the work, Naveen Sunkavally, described the process as “80% Claude with 20% gift-wrapping by a human.” The bug, now fixed, could allow an attacker to use ActiveMQ’s Jolokia API to make the server load a malicious configuration file from the internet and execute arbitrary system commands. The issue stems from the integration of multiple components developed independently over time. While each worked efficie...