< ciso
brief />
Tag Banner

All news with #anthropic tag

220 articles · page 4 of 11

Anthropic's Claude Platform Now Generally Available on AWS

🚀 AWS announced general availability of Claude Platform on AWS, enabling customers to access Anthropic’s native Claude experience directly through their AWS accounts. The service is operated by Anthropic and processes customer data outside the AWS security boundary, while integrating with existing IAM, consolidated billing, and CloudTrail for visibility. It includes APIs, console access, early beta features, and capabilities such as Claude Managed Agents, web search, code execution, files API, and prompt tools.
read more →

Fake Claude Code Installer Steals Browser Credentials

🔒 Ontinue detailed a campaign distributing a previously undocumented information stealer via fake Claude Code install pages that hijack Chromium browsers to bypass App-Bound Encryption and exfiltrate cookies, passwords and payment data from developer workstations. The lure substituted the canonical Anthropic host for an attacker-controlled domain while /install.ps1 returned a verbatim genuine installer, letting automated scanners see benign PowerShell. A native helper is reflectively injected into browser processes to invoke the IElevator2 COM interface and extract encryption keys, while the PowerShell layer handles persistence, collection and C2 communications. Defenders are urged to enforce constrained PowerShell, enable script block logging and block newly registered domains.
read more →

Lyrie.ai Joins Anthropic CVP, Releases Open ATP Standard

🔒 OTT Cybersecurity LLC — the team behind Lyrie.ai — announced acceptance into Anthropic’s Cyber Verification Program and the public release of the Agent Trust Protocol (ATP). ATP is an open cryptographic standard that enables real-time verification of an AI agent’s identity, authorized scope, attestation status, delegation, and revocation. The protocol is royalty-free, slated for IETF submission, and a reference implementation is published under an MIT license. Lyrie positions itself as the security layer for autonomous AI agents operating on the internet.
read more →

Claude in Chrome vulnerability lets other extensions hijack

⚠️ Researchers at LayerX Security disclosed a flaw dubbed ClaudeBleed in Anthropic’s Claude in Chrome extension that lets other extensions inject scripts and commandeer the assistant. The issue stems from an exposed messaging interface that trusts origins instead of execution context, enabling zero-permission extensions to issue prompts and perform cross-site actions. Anthropic released a partial patch (v1.0.70) on May 6; LayerX urges stronger mitigations.
read more →

Commercial LLMs Used in Attack on Mexican Water Utility

⚠ OpenAI and Anthropic models were used by attackers in a cyber-attack that targeted a municipal water and drainage utility in the Monterrey metropolitan area, Dragos reports. The incident, which unfolded between December 2025 and February 2026, involved roughly 350 artifacts, many of them AI-generated malicious scripts used as offensive tooling. According to the report, Anthropic's Claude served as the primary technical executor—handling prompt-and-response interactions, intrusion planning and deployment—while OpenAI's GPT models were used for analytical tasks and generating Spanish-language outputs. Although the OT breach was ultimately unsuccessful, Dragos warns the campaign demonstrates how commercial LLMs can accelerate and refine attacks against operational environments and recommends tighter remote access policies and stronger authentication controls.
read more →

Fake Claude Site Distributes Beagle Backdoor to Windows

🔒 A fraudulent imitation of Anthropic's Claude hosted at claude-pro[.]com distributed a roughly 505 MB ZIP claiming to contain a "Claude-Pro Relay" tool, according to Sophos X-Ops. The MSI installer drops three items into the startup folder: a signed G DATA updater renamed NOVupdate.exe, an encrypted data file and a malicious avk.dll; when the updater runs it sideloads avk.dll, which decrypts shellcode and uses DonutLoader to load the Beagle backdoor. Sophos traced related samples to February–March 2026 and noted the campaign used Cloudflare for distribution while hosting C2 infrastructure on Alibaba Cloud.
read more →

US Agency to Safety-Test Frontier AI Models Pre-Release

🔒 The Center for AI Standards and Innovation (CAISI), part of the Department of Commerce’s NIST, has secured agreements with Google DeepMind, Microsoft, and xAI to conduct pre-deployment evaluations and targeted research on frontier AI models. These accords expand an existing program that already includes Anthropic and OpenAI and are intended to provide vendors with safety feedback before public release. Microsoft described the partnerships as essential to building trust in advanced systems, while CAISI emphasized continuous evaluation to advance AI security and standards.
read more →

Defending Against Attacks from Frontier AI Models: Readiness

🔒 A new generation of frontier AI models is changing how cyberattacks are developed, enabling speed, scale, and accessibility previously unseen. Early testing of advanced models, including Claude’s Mythos, shows they can identify code vulnerabilities, map attack paths, and generate working exploits with minimal effort. Organizations must treat these as fully AI-powered attacks and prioritize proactive readiness, detection, and mitigation strategies.
read more →

White House Weighs Pre-Release Checks for High-Risk AI

🛡️ The White House is privately discussing whether advanced AI models that could enable cyberattacks should undergo government-led or formal pre-release reviews before public deployment. The talks were prompted by Anthropic’s Mythos, which the company says has identified thousands of high-severity vulnerabilities, and by comparable capabilities from other labs. Officials are weighing options including formal vetting and targeted testing for higher-risk systems. No policy has been finalized and no timeline has been set.
read more →

Anthropic unveils Claude Security: AI code scanning

🔒 Anthropic has launched Claude Security in public beta for Claude Enterprise customers, evolving its previous Claude Code Security offering and running on Claude Opus 4.7. The tool scans codebases to identify vulnerabilities and generates targeted patch instructions, reasoning about data flows and inter-file interactions rather than relying on simple pattern matches. It supports scheduled and targeted scans, audit-friendly exports and integrations, attaches confidence ratings to findings, and requires no API integration or custom agent build. Access is available from the Claude.ai sidebar, with Team and Max tiers coming soon.
read more →

Enhancing AI-Driven Defense with Claude Opus 4.7 Integration

🔒 Palo Alto Networks’ Unit 42 Frontier AI Defense now integrates Anthropic’s Claude Security powered by Opus 4.7 to accelerate detection and remediation of AI-driven threats. The integration enables AI-driven exposure analysis, scalable deep-stack application reviews, and agentic defense workflows that autonomously detect and remediate issues under human oversight. Participation in Anthropic’s Cyber Verification Program further validates approved defensive use.
read more →

AI Audit Finds 271 Vulnerabilities in Firefox 150 Release

🔍 The Firefox team used frontier AI models in partnership with Anthropic to scan the browser and fix latent security flaws. After earlier work with Opus 4.6 that produced 22 fixes for Firefox 148, an early evaluation of Claude Mythos Preview uncovered 271 vulnerabilities now addressed in Firefox 150. The team worked around the clock to triage and remediate the findings, and observers note this technology favors defenders—provided patches reach users quickly.
read more →

Anthropic Mythos: What It Means for Cybersecurity Today

🔐 Anthropic announced Claude Mythos Preview can autonomously discover and weaponize software vulnerabilities, prompting the company to restrict access to a small set of partners. The claim unsettled security researchers and analysts, in part because details remain sparse and speculation ranges from capacity limits to safety-driven restraint. The authors view Mythos as a real but incremental advancement that highlights the need to separate patchable from unpatchable systems and the verifiable from the hard-to-verify. They recommend tighter isolation, least-privilege design, continuous testing, and the use of defensive AI agents to reduce risk.
read more →

AI Discovery Outpaces Remediation: The Mythos Problem

🔎 Anthropic's Claude Mythos Preview has reignited debate about AI-enabled vulnerability discovery and the operational strain that follows. Rapid detection is valuable, but finding issues and verifying fixes are distinct workflows, and many organizations lack the tooling to close that loop. Without centralized tracking, prioritized context, and verified remediation, faster discovery can simply produce a larger backlog of unresolved critical issues. Platforms like PlexTrac are presented as the operational layer needed to normalize findings, assign ownership, and enforce continuous re-testing.
read more →

CISA Left Out of Anthropic Mythos Access, Others Get In

🔒 The US Cybersecurity and Infrastructure Security Agency (CISA) does not yet have access to Anthropic’s bug-hunting AI model, Claude Mythos, while other government bodies do. Anthropic has restricted preview access through Project Glasswing to a select set of agencies, industry groups, and software providers over concerns the model could be misused to find and exploit vulnerabilities. Bloomberg reports members of a private Discord channel obtained unauthorized access and have been using Mythos for non-cybersecurity purposes, supplying screenshots to support their claim.
read more →

Frontier AI and the Future of Cyber Defense Playbook

🔒 Palo Alto Networks' Unit 42 summarizes the ten most frequent CISO questions about frontier AI, outlining operational risks, strategic impacts, and prioritized mitigation steps. The piece characterizes frontier models (for example, Anthropic Mythos) as advanced foundational systems that can autonomously find vulnerabilities, chain exploits, and scale reconnaissance and social engineering at machine speed. Unit 42 urges organizations to prioritize findings by attacker reachability and AI exploitability, adopt machine-speed defenses, integrate frontier models into the SDLC, and consider the Unit 42 Frontier AI Defense service and a CISO checklist for immediate and long-term hardening.
read more →

Google favors Gemini general model over cyber-specific LLM

🔒 At Google Cloud Next 26, COO Francis DeSouza said Google will not release a separate cyber‑focused frontier model and instead relies on the generalist Gemini3.1 Pro for security use cases. He advised pairing a strong general model with the right tooling, governance and access controls and training it on organisation‑specific context. Google plans to combine Gemini with agent and platform capabilities to support automated detection, triage and response. Competitors such as Anthropic and OpenAI are pursuing specialised variants like Claude Mythos and GPT‑5.4‑Cyber.
read more →

Project Glasswing Exposes AI-Driven Vulnerability Gap

⚠️ Anthropic’s Project Glasswing, powered by the Mythos preview model, discovered pervasive, long-lived vulnerabilities across major operating systems and browsers — including chained exploit sequences, race-condition privilege escalations, and distributed ROP chains — and Anthropic paused a public release to give major vendors time to patch. Despite that cooperation, fewer than 1% of findings were patched, exposing a systemic remediation bottleneck. The author argues defenders must shift from scheduled, CVSS-driven processes to signal-driven validation, environment-specific context, and closed-loop remediation to act at machine speed against autonomous, AI-enabled attackers.
read more →

Microsoft Adds Anthropic Mythos to SDLC, Boosts Security

🔒 Microsoft will integrate Anthropic’s Mythos Preview into its Security Development Lifecycle, using the model alongside other advanced AI to surface vulnerabilities earlier in the software development process. The company says the move aims to strengthen and harden core products including Windows, Azure, and Microsoft 365 by improving automated detection and secure coding. Analysts note the shift signals frontier models moving from experimental tools into standard engineering workflows while raising dual-use concerns.
read more →

Claude Mythos Finds 271 Firefox Flaws, Shifts Security

🔍 Claude Mythos Preview uncovered 271 security flaws in Firefox 148, all addressed in Firefox 150, prompting claims that the model can match human researchers in vulnerability discovery. Mozilla and security experts say Mythos closed significant gaps left by fuzzing and automation, though Anthropic is investigating reported unauthorized access to the model. Teams are urged to adopt continuous AI-assisted testing and treat models as privileged infrastructure.
read more →