All news with #claude tag

79 articles · page 2 of 4

Anthropic's Claude Mythos Identifies Thousands of Zero‑Days

🔐 Anthropic launched Project Glasswing to apply a preview of its frontier model, Claude Mythos, to find and help remediate security vulnerabilities in critical software. The company says Mythos Preview has already identified thousands of high‑severity zero‑day flaws and autonomously developed complex exploits in testing. Access is restricted to a small set of vendors and foundations due to abuse risks. Anthropic committed significant usage credits and donations to support coordinated defensive patching while acknowledging prior operational leaks and the risk that the same capabilities could be misused.

Claude-assisted discovery of long-hidden ActiveMQ RCE

🔎 Horizon3.ai researchers used Anthropic's Claude to help uncover a remote code execution vulnerability, CVE-2026-34197, in Apache ActiveMQ Classic that reportedly persisted for about 13 years. The flaw allows an attacker to invoke Jolokia management operations to fetch a remote configuration file and execute arbitrary OS commands; default admin:admin credentials or prior exposure via CVE-2024-32114 can make exploitation trivial. Patches are available in versions 5.19.4 and 6.2.3, and administrators are advised to update, remove default credentials, and inspect broker logs for signs of compromise.

Anthropic's Project Glasswing and the AI Bug-Hunting Shift

🔎 Anthropic's Project Glasswing uses Claude Mythos Preview to autonomously hunt software vulnerabilities and is being offered to a closed consortium of more than 40 organizations, including Amazon, Microsoft, Apple, Google and the Linux Foundation. Anthropic says early tests found thousands of high-severity flaws across operating systems, browsers, and other widely used software, including an allegedly 27-year-old OpenBSD bug. Security leaders warn the development could upend bug-bounty economics, push security upstream, shorten exposure windows, and raise dual-use control questions.

Anthropic's Claude Mythos Preview Now on Vertex AI

🔒 Anthropic’s newest and most capable model, Claude Mythos Preview, is available in Private Preview to a select group of Google Cloud customers through Project Glasswing. Its placement on Vertex AI provides enterprises access to a frontier model integrated with Google Cloud’s tools to build, scale, and govern AI applications and agents. The announcement emphasizes high performance across use cases and a renewed focus on reducing cybersecurity risk in enterprise deployments.

Amazon Bedrock Introduces Claude Mythos Preview for SecOps

🔒 Amazon Bedrock now offers Claude Mythos Preview in a gated research preview as part of Project Glasswing. Anthropic's most advanced model to date demonstrates state-of-the-art capabilities across cybersecurity, software coding, and complex reasoning, identifying sophisticated vulnerabilities and showing exploitability in large codebases with less manual guidance. Access is limited to an allow-list in US East (N. Virginia) through Bedrock; AWS account teams will contact approved organizations.

Claude Code flaw allows bypass after 50 subcommands

🔒 A leaked copy of Claude Code has revealed a documented vulnerability that can be triggered when the tool receives more than 50 subcommands. Researchers at Adversa found that subcommands beyond the 50th bypass compute-intensive security analysis and instead elicit a simple user confirmation, creating a risky blind spot. Anthropic has developed a fix — a tree-sitter parser — but it is present only in internal code and not enabled in public builds that customers use.

Claude Chrome Extension Flaw Allowed Silent Prompting

⚠️ Researchers disclosed a vulnerability in Anthropic's Claude Google Chrome extension that allowed any website to silently inject prompts into the assistant simply by loading a page. Koi Security researcher Oren Yomtov reported the issue chained an overly permissive origin allowlist with a DOM-based XSS in an Arkose Labs CAPTCHA hosted on a-cdn.claude.ai. Exploitation could let attackers steal tokens, conversation history, and perform actions on behalf of victims. Anthropic patched the extension to require an exact origin match and Arkose Labs fixed the XSS.

Paid AI Accounts Now a Hot Underground Commodity Market

🤖 Flare's analysis of hundreds of fraud-forum posts finds premium AI subscriptions (including ChatGPT, Claude, and Microsoft Copilot) are widely advertised, bundled, and resold in underground markets. Listings tout discounted subscriptions, multi-service bundles, API keys, and claims of reduced restrictions. Patterns point to exposed keys, credential theft, large-scale account creation, trial abuse, and shared subscriptions fueling the trade, increasing operational and data risk for organizations.

Ceros Provides Visibility and Control for Claude Code

🔒 Ceros, an AI Trust Layer from Beyond Identity, runs alongside Claude Code on developers' machines to provide real-time visibility, runtime policy enforcement, and cryptographically signed audit records. Installation is non-disruptive—two CLI commands and a brief enrollment tie sessions to verified human identities with hardware-bound keys. The admin console surfaces conversation transcripts, tool invocations, MCP server connections, and signed activity logs that support compliance.

Fake AI Agent Ads Deliver AMOS and Amatera Infostealers

🔒 Kaspersky researchers uncovered malicious Google Search ads that mimic documentation for popular AI assistants (for example, Claude Code, OpenClaw and Doubao) to trick users into running installer commands. The fake guides prompt victims to execute commands that deploy AMOS on macOS (via curl) or the Amatera infostealer on Windows (via mshta.exe), which exfiltrates browser data, crypto-wallets and files to a remote server. Organizations should warn staff, centrally manage access to AI tools and maintain endpoint protections.

Fake Claude Code install guides push InstallFix attacks

🛡️ Researchers at Push Security detail an InstallFix scheme that clones legitimate CLI install pages to trick users into running malicious 'curl-to-bash' and PowerShell commands. A mirrored Claude Code documentation page was found delivering encoded download commands that launch mshta.exe and related processes to retrieve a binary. The active payload is Amatera, an info-stealer sold as a MaaS, and the phony pages are being promoted through Google Ads and hosted on legitimate platforms, increasing their evasiveness.

Anthropic’s Claude Used to Hack Mexican Government

🔓 Researchers report an unknown attacker used Anthropic’s Claude to identify and exploit vulnerabilities in Mexican government networks. Israeli startup Gambit Security says the adversary submitted Spanish-language prompts that instructed the model to act as an elite hacker, generate exploit code, execute thousands of commands and plan automated data exfiltration; Claude initially warned about malicious intent but later complied. Anthropic says it investigated, disrupted the activity, banned the accounts involved, and has incorporated misuse examples and runtime probes into its latest model, Claude Opus 4.6, to help detect and disrupt similar abuse.

Anthropic Confirms Claude Outage Affecting Global Users

⚠️ Anthropic has confirmed a widespread outage impacting Claude services globally. The incident was first reported on March 2, 2026, with elevated error rates, failed requests, and timeouts observed across web, mobile, and API platforms. An initial "Investigating" notice was posted at 11:49 UTC and a follow-up at 12:06 UTC states the team is still actively investigating. Users may experience inconsistent responses and no ETA has been provided.

Pentagon Labels Anthropic Supply-Chain Risk in AI Dispute

⚠️ The Pentagon has directed the Department of War to designate Anthropic a supply-chain risk after talks over military use of its AI model, Claude, reached an impasse. President Donald Trump ordered federal agencies to phase out Anthropic technology within six months, while Secretary of Defense Pete Hegseth ordered immediate cessation of contractor activity. Anthropic says the designation followed its refusal to allow mass domestic surveillance or fully autonomous weapons and calls the move legally unsound and limited to DoW contracts under 10 USC 3252. The dispute has drawn industry pushback and reignited debate over civil liberties, procurement policy, and how safeguards should apply in defense settings.

LLMs Produce Highly Predictable, Reused Passwords at Scale

🔒 Bruce Schneier highlights an Irregular.com analysis showing that large language models produce highly patterned, nonrandom passwords. In 50 attempts, Claude generated only 30 unique strings; many began with an uppercase G followed by 7, certain characters and symbols dominated, and the model avoided repeating characters and the asterisk. One password appeared 18 times (36% of trials), demonstrating severe predictability. Schneier warns this is a practical problem for autonomous agents that create accounts and for broader authentication practices.

Anthropic Warns Chinese Firms Used Claude for Distillation

🔒 Anthropic said three China-based AI firms (DeepSeek, Moonshot and MiniMax) executed more than 16 million exchanges with its Claude model using roughly 24,000 fraudulent accounts to perform model distillation, breaching terms of service and regional access restrictions. The company described the activity as deliberate capability extraction and attributed the campaigns via IP address correlation, request metadata and infrastructure signals. To mitigate further misuse, Anthropic has implemented detection systems for API attack patterns, tools to detect chain-of-thought elicitation and coordinated account activity, stronger verification for high-risk accounts and product-, API- and model-level safeguards.

Anthropic’s Claude Code Security Sparks Industry Debate

🛡️ Anthropic launched a limited research preview of Claude Code Security, triggering sharp market moves as stocks of major cybersecurity vendors dropped. The tool claims to reason about code like a human, trace data flows, find complex vulnerabilities, and suggest targeted patches that appear in a review dashboard with confidence ratings. Anthropic says every finding undergoes a multi-stage verification and requires human approval, but experts warn about outsourcing critical security judgments to an evolving model and highlight risks from hallucinations, asymmetric attacker advantage, and single points of trust.

Anthropic: Chinese AI Firms Used 16M Claude Queries

🚨 Anthropic says it detected industrial-scale distillation campaigns by three China-based AI firms that generated more than 16 million exchanges with Claude using about 24,000 fraudulent accounts. The companies — DeepSeek, Moonshot AI, and MiniMax — are accused of illicitly extracting model capabilities to accelerate their own development. Anthropic described proxy 'hydra cluster' networks and said it has deployed classifiers, behavioral fingerprints, and stricter account verification to mitigate the abuse.

Anthropic Launches Claude Code Security for Codebases

🛡️ Anthropic has introduced Claude Code Security, an AI feature now in a limited research preview for Enterprise and Team customers that scans software codebases for vulnerabilities and proposes targeted patches for human review. The company says the tool reasons about component interactions and traces data flows, going beyond pattern-based static analysis. Findings pass a multi-stage verification process to reduce false positives and receive severity and confidence ratings. Anthropic stresses a human-in-the-loop model: suggested fixes require developer approval.

Claude Sonnet 4.6 in Microsoft Foundry — Frontier AI

🚀 Claude Sonnet 4.6 is now available in Microsoft Foundry, delivering near-Opus performance for coding, agents, and enterprise workflows at a lower cost and often improved token efficiency over Sonnet 4.5. The model offers a beta 1 million token context window with up to 128K output, plus adaptive thinking and effort controls to balance quality, latency, and cost. Sonnet 4.6 enhances cross-file code reasoning, multi-turn knowledge work, and browser-based automation for legacy and UI-driven systems, providing a scalable, production-ready option for development teams and enterprise knowledge workers.