A new artificial intelligence model, Claude Sonnet 4.5, has demonstrated significant advancements in defensive cybersecurity tasks, according to recent performance evaluations. The model shows an enhanced ability to detect, analyze, and repair software vulnerabilities, in some cases outperforming its more powerful predecessor, Opus 4.1, while being faster and more cost-effective. This development marks a critical point where AI is becoming a practical tool for both cyber attackers and defenders.
Key Takeaways
- Claude Sonnet 4.5, a new AI model, shows superior performance in cybersecurity benchmarks compared to previous versions.
- The model was specifically enhanced for defensive tasks like finding and patching code vulnerabilities, not offensive capabilities.
- Performance data shows a 76.5% success rate on the Cybench evaluation and a new state-of-the-art score on the CyberGym benchmark.
- Industry partners like HackerOne and CrowdStrike report significant improvements in efficiency and accuracy using the new model.
The Shifting Landscape of AI in Cybersecurity
For several years, the practical application of AI in high-stakes cybersecurity remained largely theoretical. However, recent evidence indicates a significant shift, with AI models now capable of executing complex cyber operations. This transition is highlighted by several key developments that underscore the growing capabilities of AI on both sides of the digital security divide.
Researchers have demonstrated that AI can replicate sophisticated cyberattacks in simulation, such as the 2017 Equifax breach, one of the most costly in history. In competitive environments, AI models like Claude have outperformed human teams in cybersecurity challenges, showcasing their problem-solving speed and accuracy.
From Theory to Practice
The increasing use of Large Language Models (LLMs) in events like the DARPA AI Cyber Challenge illustrates this trend. Teams used AI to build automated systems that scanned millions of lines of code, successfully identifying and patching both pre-inserted and previously undiscovered vulnerabilities.
At the same time, malicious actors are leveraging AI to scale their operations. Security teams have disrupted AI-assisted schemes, including a large-scale data extortion operation that previously would have required a team of individuals. This dual-use nature of AI has created an urgent need to accelerate the development of defensive AI tools to maintain security parity.
Claude Sonnet 4.5: A Focus on Defensive Skills
In response to the evolving threat landscape, researchers focused on enhancing Claude Sonnet 4.5 specifically for defensive cybersecurity tasks. As AI models increase in scale, they often develop "emergent abilities"—skills that were not explicitly programmed. While earlier cyber skills in AI were often a byproduct of general training, this new version is the result of dedicated research into key defensive areas.
The development team concentrated on three core defensive functions:
- Discovering vulnerabilities in codebases.
- Generating patches to fix identified weaknesses.
- Testing for vulnerabilities in simulated security environments.
Notably, the research deliberately avoided enhancing capabilities that would primarily benefit attackers, such as advanced exploitation techniques or malware creation. The goal is to empower defenders to secure software before it is deployed and to efficiently patch systems already in use.
Performance in Standardized Evaluations
To measure the progress of Claude Sonnet 4.5, it was tested against industry-standard benchmarks. These evaluations provide clear, objective comparisons between different AI models and track the rate of advancement in the field.
Results from the Cybench Benchmark
Cybench is an evaluation based on challenges from "Capture-the-Flag" (CTF) cybersecurity competitions. On this benchmark, Claude Sonnet 4.5 showed remarkable improvement over all previous models, including the more advanced Opus 4.1. In fact, Sonnet 4.5 achieved a higher success probability with a single attempt than Opus 4.1 did with ten attempts.
When given 10 attempts per task on the Cybench evaluation, Claude Sonnet 4.5 succeeded on 76.5% of the challenges. This represents a doubling of the success rate from just six months prior, when the Sonnet 3.7 model achieved only 35.9%.
One complex challenge, which involved analyzing network traffic and decrypting malware, was solved by the AI in 38 minutes. Researchers estimate the same task would have taken a skilled human professional at least an hour to complete.
Success on the CyberGym Evaluation
CyberGym is another external benchmark that tests an AI's ability to find known vulnerabilities in real-world open-source software and discover entirely new ones. Claude Sonnet 4.5 set a new record on the public leaderboard, achieving a score of 28.9% under a strict cost constraint of $2 per task.
When these cost limits were removed to simulate a more realistic scenario, the model's performance increased dramatically. With 30 attempts per task, Sonnet 4.5 was able to reproduce known vulnerabilities in 66.7% of the programs. The total cost for these 30 attempts was approximately $45, demonstrating high efficiency.
Perhaps more importantly, the model showed a strong capability for discovering new, previously unknown vulnerabilities. With a single trial, it found new vulnerabilities in 5% of projects. When given 30 trials, that figure rose to over 33%.
Practical Applications and Industry Feedback
Beyond benchmark scores, the true test of an AI's utility is its performance in real-world scenarios. The team behind Claude Sonnet 4.5 collaborated with cybersecurity firms to apply the model to practical challenges like vulnerability remediation and threat analysis.
The feedback from these partners has been positive, highlighting tangible improvements in security operations.
"Claude Sonnet 4.5 reduced average vulnerability intake time for our Hai security agents by 44% while improving accuracy by 25%, helping us reduce risk for businesses with confidence."
Similarly, another leading cybersecurity company found the model useful for simulating attack scenarios to strengthen their defenses.
"Claude shows strong promise for red teaming—generating creative attack scenarios that accelerate how we study attacker tradecraft. These insights strengthen our defenses across endpoints, identity, cloud, data, SaaS, and AI workloads."
Future Directions for AI in Cyber Defense
While Claude Sonnet 4.5 represents a significant step forward, its capabilities are still developing and do not yet replace the expertise of human security professionals. Ongoing research is focused on further improving the defensive skills of AI models and refining the systems used to detect their misuse.
Preliminary research into automated patch generation is also promising. In one experiment, 15% of patches created by the AI were judged to be functionally identical to those written by human developers. This is seen as an emergent capability that could be enhanced with further focused research.
The developers are encouraging organizations to begin experimenting with AI to improve their own security postures. Potential areas for application include automating Security Operations Center (SOC) tasks, analyzing security event data, and engineering secure networks. As AI's role in cybersecurity moves from a future possibility to a present-day reality, collaboration between industry, government, and researchers will be essential to ensure defenders maintain the advantage.