< ciso
brief />
Tag Banner

All news with #anthropic tag

220 articles · page 5 of 11

AI-Powered Defense for an AI-Accelerated Threat Landscape

🛡️ Microsoft outlines how defenders can harness AI to counter an accelerating threat environment. Through Project Glasswing and partnerships with model providers such as Anthropic, Microsoft tested Claude Mythos Preview against the CTI-REALM benchmark and observed meaningful detection improvements. The company plans to integrate advanced models into its Security Development Lifecycle, deploy rapid Defender detections, and share protections through MSRC and MAPP. The Secure Now exposure-management experience is available today, and a multi-model scanning harness is expected in preview in June 2026.
read more →

Anthropic Urges EPSS to Triage AI-Driven Vulnerabilities

🔍 Anthropic warns that its AI vulnerability-discovery system Mythos will sharply increase the pace and volume of software flaws, forcing defenders to prioritize what to fix. The company recommended using the probabilistic EPSS model (developed by Empirical Security and published through FIRST) to triage vulnerabilities—patching CISA’s KEV list first, then addressing CVEs above a chosen EPSS threshold. Empirical Security leaders emphasize that EPSS is machine-driven and already integrated across many vendor products.
read more →

AI Compresses Attack Timelines: Network Resilience Tested

⚠️ Anthropic's reported Claude Mythos marks a shift: AI is compressing attack timelines by accelerating vulnerability discovery, exploit development, and multi-step attack planning. Attackers can now run malware, phishing, and vulnerability exploitation in parallel, reducing time to compromise and widening exposure. This trend demands prevention-first controls and real-time detection to identify and remediate gaps earlier, limiting impact.
read more →

Supercharged Security: Responding to Frontier AI Risks

🔐 AI is compressing the timeline of cyber risk, turning vulnerabilities that once took weeks to exploit into issues weaponized in hours, while also enabling defenders to analyze and mitigate faster. Fortinet has used AI in FortiGuard Labs since 2015 and now leverages generative and frontier models—including early access to Anthropic’s Mythos preview—to scale code analysis, threat hunting, and automated remediation. The recommendation is clear: embed AI across development, detection, and response, shorten mitigation cycles with automation and virtual patches, and design systems for continuous, integrated security.
read more →

Anthropic MCP Design Flaw Enables Remote Code Execution

⚠️ OX Security disclosed a systemic "by design" vulnerability in Anthropic's Model Context Protocol (MCP) SDK that permits remote command execution across reference implementations (Python, TypeScript, Java, Rust). Unsafe defaults in MCP's STDIO configuration produced 10 vulnerabilities affecting projects such as LiteLLM, LangChain, and Flowise, impacting over 7,000 public servers and 150 million downloads. Several downstream vendors have issued patches, but Anthropic has declined to change the protocol reference implementation, leaving an ongoing AI supply-chain risk.
read more →

Claude Mythos scrutiny: Project Glasswing's true impact

🔍 Anthropic's Claude Mythos — developed under Project Glasswing and currently trialed by select organizations — faces scrutiny after VulnCheck's analysis found limited publicly attributable results. The team identified 75 CVE entries mentioning Anthropic, 40 credited to its researchers, but only one explicitly tied to Glasswing (CVE-2026-4747), with several additional findings embargoed. Anthropic has signaled more transparency in July 2026. Security experts caution that Mythos' reported exploit success rates could still accelerate attacker capabilities and outpace corporate change controls.
read more →

Defender's Guide: Frontier AI's Impact on Cybersecurity

🛡️ Palo Alto Networks' early testing of frontier AI models—including Anthropic's Mythos (via Project Glasswing) and OpenAI models evaluated through Trusted Access for Cyber—shows these models can rapidly find vulnerabilities and generate exploits at scale. The company found a roughly 50% improvement in coding efficiency driving quantum leaps in scanning, vulnerability chaining, and full-stack logic analysis. This creates urgent risks: a deluge of discovered vulnerabilities, supply-chain "inside-out" attacks targeting AI infrastructure, and AI-driven autonomous attack agents that compress attack cycles to minutes. Organizations must accelerate automated patching, adopt zero trust, deploy XDR and agentic endpoint protections, and operationalize AI-driven SOCs like Cortex XSIAM to achieve near-real-time detection and response.
read more →

Commercial AI Models Make Rapid Gains in Vulnerability

🔍 Forescout’s Verde Labs reports rapid progress across commercial, open-source and underground AI models in vulnerability research and exploit generation. In 2026 the firm found all tested models could complete end-to-end vulnerability research and about half could autonomously produce working exploits; top performers included Claude Opus 4.6 and Kimi K2.5. Using single prompts, the RAPTOR agentic framework and Verde Labs’ extensions, researchers discovered four zero-days in OpenNDS, demonstrating a lower barrier to discovery and a growing risk for organizations.
read more →

White House Enables Federal Access to Anthropic's Mythos

🔒The White House Office of Management and Budget is preparing protections to allow federal agencies to use a modified version of Anthropic's Claude Mythos model, according to an internal memo reported by Bloomberg. OMB CIO Gregory Barbaccia told Cabinet departments the agency is coordinating with model providers, industry partners, and the intelligence community to establish guardrails before potential release. The move comes while the Department of Defense's supply-chain risk designation against Anthropic remains in force, leaving the vendor barred from defense contracts.
read more →

Mythos and the Limits of Private AI Security Control

🔍 Anthropic announced a restricted release of Claude Mythos Preview, an AI claimed to find and weaponize software vulnerabilities at unprecedented scale, and limited access to roughly 50 organizations under Project Glasswing. The company highlighted thousands of flaws across major operating systems and browsers, including decades-old bugs and a set of 181 usable Firefox attacks, far beyond its prior model's performance. Yet the disclosure omits key metrics—false-positive rates, unfiltered outputs, and broad audit access—raising concerns that withholding a powerful tool is not a substitute for transparency, independent review, and funded access for domain experts.
read more →

Palo Alto on Anthropic’s Mythos and AI-Driven Security

🔒 Palo Alto Networks is participating in Anthropic’s Project Glasswing to test the Claude Mythos model for vulnerability discovery. EMEA CEO Helmut Reisinger says Mythos has identified unprecedented zero-day flaws across multiple operating systems and browsers and can often generate working exploits. Palo Alto is integrating Protect AI, Chronosphere, CyberArk, and soon Koi into its modular platform to secure AI, identity, observability, and agentic endpoints. Reisinger highlighted BYOK, European AI Act compliance, and preparations for the post-quantum era.
read more →

MCP STDIO Design Choice Enables Widespread RCE Risk

⚠️ Researchers at OX Security warn that a design decision in Anthropic’s reference Model Context Protocol (MCP) STDIO implementation may permit remote code execution (RCE) when client applications start local MCP servers without proper command filtering. The flaw stems from SDKs accepting arbitrary STDIO commands as subprocess arguments, which many adapters and tools inherit. Anthropic and other framework maintainers say this behavior is by design and that application developers must sanitize inputs, but OX found few effective defenses and demonstrated RCE across numerous projects and services.
read more →

Anthropic Claude Opus 4.7 Now Available in Amazon Bedrock

🚀 Claude Opus 4.7 is now available in Amazon Bedrock, delivering Anthropic’s most capable Opus release with improvements across coding, professional knowledge work, visual understanding, and long-running task handling. Served via Bedrock’s next-generation inference engine, Opus 4.7 offers enterprise features such as zero operator data access, dynamic traffic routing, and improved scalability. The model enhances agentic coding, systems engineering, long-horizon reasoning, and high-resolution image support, and is available in select AWS Regions.
read more →

Glasswing’s Public Record: Just One Confirmed CVE Now

🔍VulnCheck's analysis indicates Anthropic's controlled-access Project Glasswing has only one publicly attributable CVE: CVE-2026-4747, a FreeBSD NFS remote code execution flaw described as autonomously identified and exploited. Researcher Patrick Garrity reviewed the CVE database and found 75 records mentioning Anthropic, but only 40 credited to its researchers and a single CVE tied explicitly to Glasswing. Industry observers warn that public attribution may understate the model's potential, and Anthropic plans a fuller accounting by July 2026.
read more →

Venice OT intrusion claim and Anthropic source leak risks

🔒 Smashing Security episode 463 examines two incidents that expose operational and AI security weaknesses: a claimed intrusion into Venice’s flood‑defence pump controls and an accidental full‑source disclosure by Anthropic. Hosts Graham Cluley and Tanya Janca discuss the physical risks of compromised legacy OT systems, how packaging/CI misconfigurations can leak high‑value IP and attack surface, and the governance challenges of powerful internal tools like Mythos. They recommend stronger CI/CD defaults, strict access controls for model assets, and reliable out‑of‑band incident communications.
read more →

Anthropic Claude Opus 4.7 Now Available on Vertex AI

🟢 Claude Opus 4.7 is now generally available on Vertex AI, delivering improved problem solving, instruction following, and expanded vision and long-memory capabilities. The release boosts accuracy on high-resolution documents and charts and enhances performance in coding and agentic workflows. Paired with Vertex AI’s infrastructure, you can scale agents, leverage low latency and provisioned throughput, and apply unified security controls and Model Armor. Access is available on Vertex AI and via Google Cloud Marketplace with sample notebooks and pricing guidance.
read more →

Claude on Vertex AI: U.S. and EU Multi-Region Endpoints

🌐 Google Cloud has announced that U.S. and EU multi-region endpoints for Claude on Vertex AI are available in public preview. These endpoints pool capacity across multiple regions within a geography to dynamically route requests, improving reliability while keeping processing and data within the chosen jurisdiction. The feature supports prompt caching and automatic failover, and currently offers Opus 4.7 in preview. Enabling the capability requires a simple update to your API location identifier (for example, using us or eu).
read more →

AI Firms Urged into Larger Role in CVE Disclosures Now

🔒 At VulnCon26 in April, Lindsey Cerkovnik of CISA urged that AI firms like OpenAI and Anthropic be more directly represented in the CVE program to help manage a surge in reported vulnerabilities. She warned that new AI tools both accelerate discovery of valid flaws and generate lower-value noise, putting pressure on disclosure workflows. Recent vendor developments — Anthropic’s Mythos Preview and OpenAI’s GPT-5.4-Cyber — illustrate how automated research is already changing the threat landscape. Cerkovnik said CVE funding is secure and the program remains a CISA priority.
read more →

Mallory unveils AI-native threat intelligence platform

🔎 Mallory has launched an AI-native threat intelligence platform that converts global threat telemetry into prioritized, evidence-based cases tailored to an organization’s environment. The SaaS offering monitors thousands of sources, contextualizes findings against actual attack surfaces, and integrates with existing tools to automate hunt, detection, and exposure management workflows. It emphasizes actionable answers over alerts and supports Claude Code, MCP, APIs, and a modern UI for extensibility.
read more →

Europe Largely Excluded from Anthropic's Mythos Access

🔒 European regulators have been largely frozen out of early access to Anthropic's new Mythos model, Politico reports. Anthropic's Project Glasswing has initially restricted testing to select U.S. technology firms — notably Apple, Microsoft and Amazon — so partners can evaluate and mitigate security risks. The UK’s AI Security Institute has been permitted to test Mythos and acted on findings, while Germany has opened dialogue but not gained access, prompting concerns about private-sector control over a potent security-focused AI.
read more →