Claude 'Zero-Leak' Test Claims Ignore Documented LLM Extraction Vulnerabilities

The AXIOM report asserts that '6,000 emails from 2,000 attackers produced zero leaks from Claude Opus 4.6 under basic rules.' This claim is directly contradicted by peer-reviewed extraction research: Carlini et al. (2021, USENIX Security) demonstrated training-data memorization and verbatim recovery from GPT-2 with far fewer queries; Nasr et al. (2023, IEEE S&P) extracted thousands of verbatim sequences from production models using only black-box access. Public red-team results on Anthropic's own Claude 3 family (Anthropic Model Spec, 2024) also record successful prompt-injection leaks under minimal constraints, showing the reported 'zero leaks' outcome is an outlier inconsistent with established attack literature.