< ciso brief />

All news with #anthropic tag

173 articles · page 2 of 9

Defending Against Attacks from Frontier AI Models: Readiness

🔒 A new generation of frontier AI models is changing how cyberattacks are developed, enabling speed, scale, and accessibility previously unseen. Early testing of advanced models, including Claude’s Mythos, shows they can identify code vulnerabilities, map attack paths, and generate working exploits with minimal effort. Organizations must treat these as fully AI-powered attacks and prioritize proactive readiness, detection, and mitigation strategies.

White House Weighs Pre-Release Checks for High-Risk AI

🛡️ The White House is privately discussing whether advanced AI models that could enable cyberattacks should undergo government-led or formal pre-release reviews before public deployment. The talks were prompted by Anthropic’s Mythos, which the company says has identified thousands of high-severity vulnerabilities, and by comparable capabilities from other labs. Officials are weighing options including formal vetting and targeted testing for higher-risk systems. No policy has been finalized and no timeline has been set.

Anthropic unveils Claude Security: AI code scanning

🔒 Anthropic has launched Claude Security in public beta for Claude Enterprise customers, evolving its previous Claude Code Security offering and running on Claude Opus 4.7. The tool scans codebases to identify vulnerabilities and generates targeted patch instructions, reasoning about data flows and inter-file interactions rather than relying on simple pattern matches. It supports scheduled and targeted scans, audit-friendly exports and integrations, attaches confidence ratings to findings, and requires no API integration or custom agent build. Access is available from the Claude.ai sidebar, with Team and Max tiers coming soon.

Enhancing AI-Driven Defense with Claude Opus 4.7 Integration

🔒 Palo Alto Networks’ Unit 42 Frontier AI Defense now integrates Anthropic’s Claude Security powered by Opus 4.7 to accelerate detection and remediation of AI-driven threats. The integration enables AI-driven exposure analysis, scalable deep-stack application reviews, and agentic defense workflows that autonomously detect and remediate issues under human oversight. Participation in Anthropic’s Cyber Verification Program further validates approved defensive use.

AI Audit Finds 271 Vulnerabilities in Firefox 150 Release

🔍 The Firefox team used frontier AI models in partnership with Anthropic to scan the browser and fix latent security flaws. After earlier work with Opus 4.6 that produced 22 fixes for Firefox 148, an early evaluation of Claude Mythos Preview uncovered 271 vulnerabilities now addressed in Firefox 150. The team worked around the clock to triage and remediate the findings, and observers note this technology favors defenders—provided patches reach users quickly.

Anthropic Mythos: What It Means for Cybersecurity Today

🔐 Anthropic announced Claude Mythos Preview can autonomously discover and weaponize software vulnerabilities, prompting the company to restrict access to a small set of partners. The claim unsettled security researchers and analysts, in part because details remain sparse and speculation ranges from capacity limits to safety-driven restraint. The authors view Mythos as a real but incremental advancement that highlights the need to separate patchable from unpatchable systems and the verifiable from the hard-to-verify. They recommend tighter isolation, least-privilege design, continuous testing, and the use of defensive AI agents to reduce risk.

AI Discovery Outpaces Remediation: The Mythos Problem

🔎 Anthropic's Claude Mythos Preview has reignited debate about AI-enabled vulnerability discovery and the operational strain that follows. Rapid detection is valuable, but finding issues and verifying fixes are distinct workflows, and many organizations lack the tooling to close that loop. Without centralized tracking, prioritized context, and verified remediation, faster discovery can simply produce a larger backlog of unresolved critical issues. Platforms like PlexTrac are presented as the operational layer needed to normalize findings, assign ownership, and enforce continuous re-testing.

CISA Left Out of Anthropic Mythos Access, Others Get In

🔒 The US Cybersecurity and Infrastructure Security Agency (CISA) does not yet have access to Anthropic’s bug-hunting AI model, Claude Mythos, while other government bodies do. Anthropic has restricted preview access through Project Glasswing to a select set of agencies, industry groups, and software providers over concerns the model could be misused to find and exploit vulnerabilities. Bloomberg reports members of a private Discord channel obtained unauthorized access and have been using Mythos for non-cybersecurity purposes, supplying screenshots to support their claim.

Frontier AI and the Future of Cyber Defense Playbook

🔒 Palo Alto Networks' Unit 42 summarizes the ten most frequent CISO questions about frontier AI, outlining operational risks, strategic impacts, and prioritized mitigation steps. The piece characterizes frontier models (for example, Anthropic Mythos) as advanced foundational systems that can autonomously find vulnerabilities, chain exploits, and scale reconnaissance and social engineering at machine speed. Unit 42 urges organizations to prioritize findings by attacker reachability and AI exploitability, adopt machine-speed defenses, integrate frontier models into the SDLC, and consider the Unit 42 Frontier AI Defense service and a CISO checklist for immediate and long-term hardening.

Google favors Gemini general model over cyber-specific LLM

🔒 At Google Cloud Next 26, COO Francis DeSouza said Google will not release a separate cyber‑focused frontier model and instead relies on the generalist Gemini 3.1 Pro for security use cases. He advised pairing a strong general model with the right tooling, governance and access controls and training it on organisation‑specific context. Google plans to combine Gemini with agent and platform capabilities to support automated detection, triage and response. Competitors such as Anthropic and OpenAI are pursuing specialised variants like Claude Mythos and GPT‑5.4‑Cyber.

Project Glasswing Exposes AI-Driven Vulnerability Gap

⚠️ Anthropic’s Project Glasswing, powered by the Mythos preview model, discovered pervasive, long-lived vulnerabilities across major operating systems and browsers — including chained exploit sequences, race-condition privilege escalations, and distributed ROP chains — and Anthropic paused a public release to give major vendors time to patch. Despite that cooperation, fewer than 1% of findings were patched, exposing a systemic remediation bottleneck. The author argues defenders must shift from scheduled, CVSS-driven processes to signal-driven validation, environment-specific context, and closed-loop remediation to act at machine speed against autonomous, AI-enabled attackers.

Microsoft Adds Anthropic Mythos to SDLC, Boosts Security

🔒 Microsoft will integrate Anthropic’s Mythos Preview into its Security Development Lifecycle, using the model alongside other advanced AI to surface vulnerabilities earlier in the software development process. The company says the move aims to strengthen and harden core products including Windows, Azure, and Microsoft 365 by improving automated detection and secure coding. Analysts note the shift signals frontier models moving from experimental tools into standard engineering workflows while raising dual-use concerns.

Claude Mythos Finds 271 Firefox Flaws, Shifts Security

🔍 Claude Mythos Preview uncovered 271 security flaws in Firefox 148, all addressed in Firefox 150, prompting claims that the model can match human researchers in vulnerability discovery. Mozilla and security experts say Mythos closed significant gaps left by fuzzing and automation, though Anthropic is investigating reported unauthorized access to the model. Teams are urged to adopt continuous AI-assisted testing and treat models as privileged infrastructure.

AI-Powered Defense for an AI-Accelerated Threat Landscape

🛡️ Microsoft outlines how defenders can harness AI to counter an accelerating threat environment. Through Project Glasswing and partnerships with model providers such as Anthropic, Microsoft tested Claude Mythos Preview against the CTI-REALM benchmark and observed meaningful detection improvements. The company plans to integrate advanced models into its Security Development Lifecycle, deploy rapid Defender detections, and share protections through MSRC and MAPP. The Secure Now exposure-management experience is available today, and a multi-model scanning harness is expected in preview in June 2026.

Anthropic Urges EPSS to Triage AI-Driven Vulnerabilities

🔍 Anthropic warns that its AI vulnerability-discovery system Mythos will sharply increase the pace and volume of software flaws, forcing defenders to prioritize what to fix. The company recommended using the probabilistic EPSS model (developed by Empirical Security and published through FIRST) to triage vulnerabilities—patching CISA’s KEV list first, then addressing CVEs above a chosen EPSS threshold. Empirical Security leaders emphasize that EPSS is machine-driven and already integrated across many vendor products.

AI Compresses Attack Timelines: Network Resilience Tested

⚠️ Anthropic's reported Claude Mythos marks a shift: AI is compressing attack timelines by accelerating vulnerability discovery, exploit development, and multi-step attack planning. Attackers can now run malware, phishing, and vulnerability exploitation in parallel, reducing time to compromise and widening exposure. This trend demands prevention-first controls and real-time detection to identify and remediate gaps earlier, limiting impact.

Supercharged Security: Responding to Frontier AI Risks

🔐 AI is compressing the timeline of cyber risk, turning vulnerabilities that once took weeks to exploit into issues weaponized in hours, while also enabling defenders to analyze and mitigate faster. Fortinet has used AI in FortiGuard Labs since 2015 and now leverages generative and frontier models—including early access to Anthropic’s Mythos preview—to scale code analysis, threat hunting, and automated remediation. The recommendation is clear: embed AI across development, detection, and response, shorten mitigation cycles with automation and virtual patches, and design systems for continuous, integrated security.

Anthropic MCP Design Flaw Enables Remote Code Execution

⚠️ OX Security disclosed a systemic "by design" vulnerability in Anthropic's Model Context Protocol (MCP) SDK that permits remote command execution across reference implementations (Python, TypeScript, Java, Rust). Unsafe defaults in MCP's STDIO configuration produced 10 vulnerabilities affecting projects such as LiteLLM, LangChain, and Flowise, impacting over 7,000 public servers and 150 million downloads. Several downstream vendors have issued patches, but Anthropic has declined to change the protocol reference implementation, leaving an ongoing AI supply-chain risk.

Claude Mythos scrutiny: Project Glasswing's true impact

🔍 Anthropic's Claude Mythos — developed under Project Glasswing and currently trialed by select organizations — faces scrutiny after VulnCheck's analysis found limited publicly attributable results. The team identified 75 CVE entries mentioning Anthropic, 40 credited to its researchers, but only one explicitly tied to Glasswing (CVE-2026-4747), with several additional findings embargoed. Anthropic has signaled more transparency in July 2026. Security experts caution that Mythos' reported exploit success rates could still accelerate attacker capabilities and outpace corporate change controls.

Defender's Guide: Frontier AI's Impact on Cybersecurity

🛡️ Palo Alto Networks' early testing of frontier AI models—including Anthropic's Mythos (via Project Glasswing) and OpenAI models evaluated through Trusted Access for Cyber—shows these models can rapidly find vulnerabilities and generate exploits at scale. The company found a roughly 50% improvement in coding efficiency driving quantum leaps in scanning, vulnerability chaining, and full-stack logic analysis. This creates urgent risks: a deluge of discovered vulnerabilities, supply-chain "inside-out" attacks targeting AI infrastructure, and AI-driven autonomous attack agents that compress attack cycles to minutes. Organizations must accelerate automated patching, adopt zero trust, deploy XDR and agentic endpoint protections, and operationalize AI-driven SOCs like Cortex XSIAM to achieve near-real-time detection and response.