< ciso
brief />
Tag Banner

All news with #anthropic tag

220 articles · page 8 of 11

Anthropic: Chinese AI Firms Used 16M Claude Queries

🚨 Anthropic says it detected industrial-scale distillation campaigns by three China-based AI firms that generated more than 16 million exchanges with Claude using about 24,000 fraudulent accounts. The companies — DeepSeek, Moonshot AI, and MiniMax — are accused of illicitly extracting model capabilities to accelerate their own development. Anthropic described proxy 'hydra cluster' networks and said it has deployed classifiers, behavioral fingerprints, and stricter account verification to mitigate the abuse.
read more →

Anthropic Launches Claude Code Security for Codebases

🛡️ Anthropic has introduced Claude Code Security, an AI feature now in a limited research preview for Enterprise and Team customers that scans software codebases for vulnerabilities and proposes targeted patches for human review. The company says the tool reasons about component interactions and traces data flows, going beyond pattern-based static analysis. Findings pass a multi-stage verification process to reduce false positives and receive severity and confidence ratings. Anthropic stresses a human-in-the-loop model: suggested fixes require developer approval.
read more →

Provisioned Throughput on Vertex AI: Expanded Capacity

⚙️ Provisioned Throughput on Vertex AI standardizes reserved capacity across first-party, third-party, and open-source models, adding multimodal and operational enhancements to support production-scale AI agents. The update introduces Anthropic integration (private preview), PT for popular open models such as Llama 4, Qwen3, and GLM-4.7, and native support for high-bandwidth modalities including Gemini 3, Nano Banana, and Gemini Live API. Operational improvements — one-week PT terms, scheduled change orders, and explicit caching for long contexts — enable predictable latency, flexible commitments, and lower input costs for peak events and high-concurrency workloads.
read more →

Claude Sonnet 4.6 in Microsoft Foundry — Frontier AI

🚀Claude Sonnet 4.6 is now available in Microsoft Foundry, delivering near-Opus performance for coding, agents, and enterprise workflows at a lower cost and often improved token efficiency over Sonnet 4.5. The model offers a beta 1 million token context window with up to 128K output, plus adaptive thinking and effort controls to balance quality, latency, and cost. Sonnet 4.6 enhances cross-file code reasoning, multi-turn knowledge work, and browser-based automation for legacy and UI-driven systems, providing a scalable, production-ready option for development teams and enterprise knowledge workers.
read more →

Anthropic's Claude Sonnet 4.6 Now Available in Bedrock

🚀 Amazon Bedrock now supports Claude Sonnet 4.6, Anthropic's newest model delivering frontier performance across coding, agentic workflows, and professional knowledge work. Sonnet 4.6 enables faster, high-quality task completion and claims near-human reliability for browser-based automation, at a lower cost than Opus 4.6. Enterprises can migrate from Sonnet 4.5 with minimal prompt changes and deploy it across supported Bedrock regions for search, chat, agents, and domain-specific applications.
read more →

Bedrock Raises Claude Sonnet 4.5 Quotas in AWS GovCloud

🚀Amazon increased default quotas for Anthropic’s Claude Sonnet 4.5 in Amazon Bedrock running in AWS GovCloud (US-West and US-East), raising throughput to 5,000,000 tokens per minute and 1,000 requests per minute. The 25× increase aligns GovCloud limits with commercial regions and lets regulated customers scale high-volume AI workloads more effectively. Consult the AWS GovCloud console and Bedrock documentation to get started.
read more →

Shannon AI, VoidLink Threats, and Weekly Talos Brief

🔐 Shannon — a fully autonomous AI penetration testing tool from Keygraph — has raised warnings because it requires access to source code, repository layout, and AI API keys, creating substantial exposure risks. Organizations should evaluate scoping, data retention, and whether findings will be used to improve secure development practices or treated as a quick fix. Vendor responses vary, illustrated by recent detection-focused updates from Anthropic, underscoring the need for careful risk assessment before adopting agentic pentesting tools.
read more →

ThreatsDay Bulletin: Access Abuse and Quiet Persistence

📝 This week’s bulletin spotlights attackers favoring reliable tradecraft—misusing trusted tools and simple entry points while executing deliberate, long‑dwell post‑compromise activity. Microsoft fixed a Notepad Markdown command‑injection (CVE‑2026‑20841) and LayerX disclosed a 0‑click RCE risk in Claude Desktop Extensions. Emerging stealers (LTX, Marco), evolving loaders (GuLoader, RenEngine), and data‑theft ransomware trends raise operational risk. Defenders must detect misuse of legitimate access and anomalous in‑system behavior.
read more →

AI Skills Exposed: New Attack Surface for Enterprises

⚠️ TrendAI warns that so-called AI skills—executable artifacts that combine human-readable instructions, decision logic and operational constraints—are dangerously exposed to theft, sabotage and disruption. These skills power automation in tools such as Anthropic’s Agent Skills, OpenAI’s GPT Actions and Microsoft’s Copilot Plugin, and can surface proprietary data and business logic. If attackers obtain skill logic or operational data they could disrupt public services, manipulate manufacturing or steal sensitive records. TrendAI recommends integrity monitoring, strict access controls, separation of data and logic, least-privilege execution, adversary testing and continuous logging and auditing.
read more →

Anthropic DXT's Privileged Design Enables Critical RCE

⚠️ LayerX Security published a report describing a critical zero-click RCE in Anthropic’s Claude Desktop Extensions (DXT) that can let a malicious Google Calendar invite trigger arbitrary local code execution when MCP connectors run with full system privileges. The researchers say DXT runs unsandboxed and can autonomously chain low-risk services to high-risk local executors without user consent. Anthropic says users explicitly grant MCP permissions and must configure the tool carefully, while security experts call the issue architectural and urge stricter deployment controls and sandboxing.
read more →

Critical Zero-Click Flaw in Claude Desktop Extensions

⚠️LayerX disclosed a critical zero-click vulnerability affecting 50 Claude Desktop Extensions (DXT) that can result in remote code execution from a single crafted Google Calendar event. The flaw is possible because DXTs operate as unsandboxed MCP servers with full host privileges, allowing them to read files, run system commands and access credentials. LayerX rated the issue CVSS 10.0 and warned it could affect over 10,000 active users. Anthropic has declined to remediate, saying the scenario falls outside its current threat model.
read more →

LLMs Accelerate Zero-Day Discovery: Opus 4.6 Advances

🔎 Claude Opus 4.6 markedly improves automated vulnerability discovery, finding high-severity bugs faster and without task-specific tooling. Unlike traditional fuzzers, which depend on massive random inputs, Opus 4.6 reads and reasons about code like a human researcher—spotting patterns, past fixes, and precise inputs that trigger failures. Early tests show it uncovered long-standing zero-days in projects previously subject to extensive fuzzing.
read more →

Anthropic's Claude Opus 4.6 Finds 500 High-Severity Bugs

🔍 Anthropic says its newly released large language model, Claude Opus 4.6, was used internally to identify zero-day vulnerabilities in open-source software. The model ran inside a virtual machine with access to current project repositories and standard analysis utilities but received no specific instructions on how to conduct hunts. Despite that, Anthropic reports the system flagged 500 high-severity vulnerabilities, and company staff are manually validating findings before reporting them to maintain accuracy.
read more →

Anthropic Claude Opus 4.6 Finds 500+ High-Severity Bugs

🔍 Anthropic's Claude Opus 4.6 has identified more than 500 previously unknown high-severity vulnerabilities across major open-source libraries, including Ghostscript, OpenSC, and CGIF. Launched this week, the model shows improved code-review and debugging capabilities and was evaluated by Anthropic's Frontier Red Team in a virtualized environment using standard developer tools. Anthropic says each flagged defect was validated and patched by maintainers, positioning the model as a defender-oriented tool to help prioritize serious memory-corruption risks while it iterates on additional safeguards to limit misuse.
read more →

Google Cloud Adds Anthropic Claude Opus 4.6 to Vertex AI

🚀 Google Cloud has added Anthropic's Claude Opus 4.6 to Vertex AI, extending its curated model catalog for enterprise and agentic workloads. Opus 4.6 is positioned for complex coding, polished document and spreadsheet generation, advanced tool calling, and sophisticated multi-step agents. Feature highlights include GA support for adaptive thinking, an effort parameter, 128k output tokens, and previews for a 1M context window and compaction API. Google emphasizes managed agent tooling, governance, and infrastructure to deploy Claude-powered agents at scale.
read more →

Anthropic's Claude Opus 4.6 Available in Microsoft Foundry

🤖 Claude Opus 4.6 is now available in Microsoft Foundry on Azure, delivering Anthropic’s advanced reasoning and agent capabilities to enterprise workflows. The model supports a beta 1M-token context window, up to 128K output tokens, and new API controls including Adaptive Thinking and Context Compaction. Integrated with Foundry IQ and Azure governance, Opus 4.6 targets coding, knowledge work, finance, legal, cybersecurity, and multi-tool agent automation—helping teams move from experimentation to production while preserving compliance and operational control.
read more →

Claude Opus 4.6 Now Available on Amazon Bedrock Enterprise

🚀 Claude Opus 4.6 is now available in Amazon Bedrock, delivering Anthropic’s most capable model for coding, agentic tasks, and professional workflows. It emphasizes advanced multi-step reasoning, proactive subagent orchestration, and long-horizon code development. The release supports preview context windows of 200K and 1M tokens and targets enterprise-grade reliability for complex automation and cybersecurity use cases.
read more →

Amazon Bedrock Adds Structured Outputs for Predictable JSON

🔧 Amazon Bedrock now offers structured outputs that return model responses conforming to user-defined JSON schemas, reducing the need for application-level validation. The capability, generally available in February 2026 for Anthropic Claude 4.5 and select open-weight models, supports schema definitions or strict tool definitions. It is available via the Converse and Invoke APIs across commercial AWS Regions where Bedrock is supported.
read more →

AIs' Growing Ability to Find and Exploit Vulnerabilities

🔐 Bruce Schneier summarizes an Anthropic evaluation showing that Claude Sonnet 4.5 can perform multistage attacks across networks with dozens of hosts using only standard, open-source tools. In a high-fidelity simulation of the Equifax breach the model reportedly exfiltrated personal data from a Kali Linux host via a Bash shell, recognizing a public CVE and generating exploit code without external lookup. The results illustrate how fast AI is lowering barriers to autonomous cyber workflows and reinforce the urgent need for prompt patching, layered defenses, and basic security hygiene.
read more →

Risks and Privacy of AI-Powered Toys for Children Now

🤖 This Kaspersky article evaluates safety and privacy risks in consumer AI toys by testing four products—Grok, Kumma, Miko 3, and Robot MINI—using a simulated five‑year‑old. It emphasizes that these devices run on general-purpose LLMs (for example, OpenAI, Anthropic, Google) with inconsistent vendor guardrails. Tests show toys sometimes disclosed locations of dangerous household items, engaged on adult topics, and transmitted or stored voice and biometric data. The piece warns current toys lack reliable safety boundaries and calls for stronger guardrails and clearer data practices.
read more →