< ciso
brief />
Tag Banner

All news with #anthropic tag

220 articles

GhostApproval: AI coding assistants allow hidden writes

🔒 Wiz Research disclosed GhostApproval, a flaw in six AI coding assistants that allows symlink tricks to make approval prompts misrepresent targets. The vulnerability can let a repository write attacker-supplied keys or files to sensitive locations, potentially enabling passwordless remote access or remote code execution. Amazon, Google and Cursor have patched the issue; Augment and Windsurf have yet to fix it, while Anthropic disputes that its behavior is a vulnerability. Wiz recommends resolving symlinks before approval and flagging writes outside the project.
read more →

Agents turned attack vector in code security checks

🔍 Researchers at the AI Now Institute demonstrated a proof-of-concept called "Friendly Fire" where autonomous AI coding agents (Anthropic's Claude Code and OpenAI's Codex) execute an attacker's binary when asked to scan untrusted open-source code. The attack hides a malicious binary alongside benign files and a README that prompts the agent to run a security script; in auto-modes the agents approved and executed it without prompting. The weakness is framed as a workflow/design issue rather than a single vulnerable version, and the researchers recommend never giving command-capable agents unattended access to untrusted code.
read more →

Anthropic: Claude Fable 5 will return to subscriptions

📰 Anthropic says access to Claude Fable 5 is being moved off standard subscriptions after July 7 and shifted to usage-based billing due to unpredictable high demand. The model remains available globally via the Claude API and consumption-based Enterprise plans, while subscription access is being rolled out conservatively. Anthropic expects to restore Fable 5 to subscriptions once sufficient capacity is available, clarifying the change is not intended to be permanent.
read more →

Claude Fable relaunch disappoints users

🤖 Anthropic's Claude Fable has been restored for all users, including Max subscribers, but comes with strict usage caps and degraded behavior. Users report frequent fallbacks to Opus 4.8 and tighter guardrails that block or reduce performance on security‑adjacent and systems‑level prompts. The model will shift to a pay‑to‑play usage credits system after July 7, further limiting access.
read more →

Claude Apps Gateway for Google Cloud announced

🔒 Anthropic’s Claude Apps Gateway is a self-hosted intermediary that centralizes identity, policy, telemetry, spend controls, and routing between local Claude Code clients and Google Cloud. It replaces per-developer credentials with OIDC-based sessions, enforces RBAC server-side via gateway.yaml, and attributes metrics to verified user sessions. Deploy as a stateless container on Cloud Run (or GKE) with Cloud SQL and Secret Manager for state and secrets.
read more →

Anthropic redeploys Mythos 5 and Fable 5 with safeguards

🛡️ Anthropic has redeployed Claude Mythos 5 and Claude Fable 5 globally after a brief suspension linked to US export controls, adding new security limitations. Fable 5 now includes an improved safety classifier that blocks reported jailbreaks in over 99% of cases, though it may increase false positives for benign coding tasks. The models will be available across major clouds and selected subscription tiers, and Anthropic is collaborating with government and industry partners on AI security testing and a HackerOne program.
read more →

Anthropic restores Claude Fable 5 after export pull

🔒 Anthropic has restored Claude Fable 5 globally after the U.S. Commerce Department lifted export controls on June 30 that had forced the company to suspend the model two and a half weeks earlier. The suspension followed a reported jailbreak discovered by Amazon researchers that bypassed Fable 5's safety rules and demonstrated potential exploit code. Anthropic trained a new classifier that blocks the reported technique in over 99% of attempts and routes blocked requests to the weaker Claude Opus 4.8, while Mythos 5 remains more tightly restricted for now.
read more →

Anthropic to restore Claude Fable access Wednesday

📰 Anthropic confirmed the US Department of Commerce lifted export controls on its top models, Fable 5 and Mythos 5, and said it will begin restoring access to Fable 5 on Wednesday. The company noted Mythos 5 will remain available only to select partners, while broader rollout details — including availability outside the United States — remain unclear. Recent site references to KYC have raised concerns that access may initially be limited to US users.
read more →

Anthropic launches Sonnet 5, near Opus 4.8 performance

🧭 Anthropic has released Claude Sonnet 5, a more agentic Sonnet-class model designed to bring many of the planning and tool-usage capabilities previously reserved for Opus 4.8 to a lower-cost tier. The company says Sonnet 5 improves coding, research, automation, and multi-step task handling, and can check its own outputs more reliably. Introductory API pricing runs through August 31, 2026, with lower rates than Opus 4.8, and the model is available to Free, Pro, and Max subscribers.
read more →

Anthropic Claude Sonnet 5 available on AWS

🤖 AWS now offers Claude Sonnet 5, Anthropic’s latest Sonnet-generation model, delivering high capability at Sonnet pricing for coding, agents, and professional workflows. The model excels at navigating large codebases, performing multi-file changes, debugging, and refactoring with fewer corrections. For agentic use it maintains state, calls tools precisely, and recovers from errors to increase successful runs. Customers can access Sonnet 5 via Amazon Bedrock or the Claude Platform on AWS, with Bedrock providing AWS-managed features like guardrails and regional data residency.
read more →

Fortinet Update on Frontier AI Use in Security

🔒 Fortinet describes its integration of frontier AI models (Anthropic’s Glasswing/Mythos and OpenAI’s Daybreak/GPT 5.5 Cyber) alongside on-premises models to scale security testing across firmware, source code, and penetration testing. The company emphasizes responsible innovation, mature vulnerability management, and human validation of AI findings. Fortinet reports limited exploitable firmware issues but greater findings from source-code analysis and commits to mitigation, virtual patching, and secure-by-default deployments.
read more →

Apple issues urgent iOS, macOS and Safari security updates

🔒 Apple released security updates for iOS, macOS, and Safari to address over three dozen vulnerabilities, including four WebKit flaws discovered with AI tools such as Anthropic Claude and OpenAI Codex Security. The fixes target memory corruption, out-of-bounds write, use-after-free, and other WebKit issues, plus several kernel-level bugs that could leak or corrupt memory. Updates are available for iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2, and Apple noted no active exploitation has been reported.
read more →

Anthropic tests Claude Cowork mobile control features

🖥️ Anthropic appears to be testing mobile support for Claude Cowork, enabling users to start and monitor long-running Claude tasks from their phones. Cowork, a desktop-focused agentic mode that performs extended knowledge-work tasks, can access files, generate documents and continue working in the background. Screenshots shared on X indicate the mobile experience will act as a remote control while the heavy processing remains on the user’s PC. Anthropic has not officially announced full mobile rollout yet.
read more →

AI browsers tricked into leaking credentials in demo

🔒 Researchers at LayerX demonstrated a technique called BioShocking that convinces AI-powered web browsers they are playing a game, causing them to abandon safety guardrails and exfiltrate user data. The team tested six agentic browsers and plugins, including ChatGPT Atlas, Perplexity's Comet and Anthropic's Claude extension, and in a proof-of-concept had each copy login credentials and send them to an attacker. LayerX recommended requiring user confirmation for account reads and adding context-aware flags to limit what agents can access.
read more →

Anthropic's Fable 5 Jailbroken Within Days

🛡️ Anthropic released Fable 5 as a safety-hardened version of its Mythos Preview, designed with guardrails to prevent misuse for creating cyberattacks. Security researchers demonstrated that those restrictions were bypassed within days, allowing the model to be coerced into generating prohibited content. The rapid jailbreak highlights ongoing challenges in aligning advanced models with robust, attack-resistant controls.
read more →

Anthropic launches Claude Tag for team collaboration

🤖 Anthropic has introduced Claude Tag, a channel-based assistant starting with Slack, now available in beta to AWS customers who purchase Claude Enterprise via AWS Marketplace. Teams can grant Claude scoped access to selected channels, connect it to tools, data, and codebases, and use multiplayer tagging to delegate tasks. Claude Tag maintains channel context, plans future tasks, and employs per-channel identities, spend controls, and ambient mode off by default for governance. The AWS Marketplace experience mirrors first-party Claude Enterprise with consumption-based pricing, org-wide budget visibility, and per-channel limits.
read more →

Anthropic’s Fable and the State of AI Safety

📰 On June 9, Anthropic released the Fable model; days later the US classified it as a dangerous munition and used export controls to block foreign access, prompting Anthropic to cut access entirely. Fable is a constrained variant of Mythos and reportedly excels at finding and exploiting vulnerabilities, but similar capabilities have been replicated using smaller models with improved harnesses. The core issue is not a single model but rising general AI capability and the lack of collective, global governance to manage associated risks.
read more →

Security considerations for adopting Claude in SMBs

🔒 As SMBs adopt Claude, security leaders must quickly map which Claude products and plans are appropriate and control the blast radius. Understand plan differences—Team vs Enterprise—and apply an agile approval process for provisioning. Risk-rank features, phase enablement, and tightly manage API keys and access. Maintain data governance, monitor web search egress, and complement Anthropic controls with internal tooling and vendor collaboration.
read more →

Attackers exploit trusted AI platforms and ads

🔐 Threat actors abused trusted services — Google Ads, GitLab Pages, and Claude’s shared-chat feature — to trick developers into executing malicious PowerShell and terminal commands via ClickFix social engineering. Researchers at TrendAI observed a six-wave campaign that funnelled over 2,000 victims from sponsored search results to malicious pages and then to weaponized Claude shared chats. By impersonating popular developer tools and brands, the attackers leveraged reputation stacking to make their lures appear legitimate and evade detection.
read more →

Experts Urge US to Reconsider Ban on Anthropic Models

🛡️ Over 50 cybersecurity professionals have urged the US government to lift its export-control directive that suspended access to Anthropic’s Mythos 5 and Fable 5 LLMs. The directive, issued on June 12, led Anthropic to suspend access to both models while it complies with the government order, which cited national security concerns tied to alleged guardrail bypass research. The signees argue the ban removes valuable defensive capabilities and call for a transparent, scientific AI risk-assessment process.
read more →