Claude Opus 4.7 Used to Discover Critical Super-Admin API Flaw in Live Nation Ticketing Subsidiary

Security researcher Ian Carroll used Anthropic's Claude Opus 4.7 to uncover a critical API flaw in Front Gate Tickets, a ticketing subsidiary of Live Nation. The vulnerability granted super-administrator access, including the ability to issue tickets of any value — a serious real-world exposure demonstrating how frontier models are accelerating vulnerability discovery.
The finding fits a broader, alarming pattern: an Epoch AI chart cited this week showed 21 major organizations disclosed roughly 1,500 high- and critical-severity CVEs in June 2026, a 3.5x spike over pre-Claude-Mythos records, attributed to AI models finding vulnerabilities at scale. The same offensive-cyber capability is exactly what triggered the US export-control suspension of Fable 5 and Mythos 5, and what the new CJS jailbreak-severity framework tries to classify.
The story crystallizes the double-edged nature of capable coding models: the same tools that let defenders (and independent researchers) find and fix flaws faster also lower the bar for attackers. AWS's new Continuum security service and Bedrock's AI-phishing detection are the defensive counterweights being rushed to market.
The practical takeaway for readers is that AI-assisted pentesting is now productive enough to find super-admin flaws in production systems belonging to major companies. Watch whether Live Nation confirms and patches, and whether the CVE surge forces faster industry-wide patch cycles — Apple, notably, is already compressing its patch cadence in response to AI-driven threats.