< ciso
brief />
Tag Banner

All news with #claude tag

111 articles · page 3 of 6

CISA Left Out of Anthropic Mythos Access, Others Get In

🔒 The US Cybersecurity and Infrastructure Security Agency (CISA) does not yet have access to Anthropic’s bug-hunting AI model, Claude Mythos, while other government bodies do. Anthropic has restricted preview access through Project Glasswing to a select set of agencies, industry groups, and software providers over concerns the model could be misused to find and exploit vulnerabilities. Bloomberg reports members of a private Discord channel obtained unauthorized access and have been using Mythos for non-cybersecurity purposes, supplying screenshots to support their claim.
read more →

Claude Mythos scrutiny: Project Glasswing's true impact

🔍 Anthropic's Claude Mythos — developed under Project Glasswing and currently trialed by select organizations — faces scrutiny after VulnCheck's analysis found limited publicly attributable results. The team identified 75 CVE entries mentioning Anthropic, 40 credited to its researchers, but only one explicitly tied to Glasswing (CVE-2026-4747), with several additional findings embargoed. Anthropic has signaled more transparency in July 2026. Security experts caution that Mythos' reported exploit success rates could still accelerate attacker capabilities and outpace corporate change controls.
read more →

Commercial AI Models Make Rapid Gains in Vulnerability

🔍 Forescout’s Verde Labs reports rapid progress across commercial, open-source and underground AI models in vulnerability research and exploit generation. In 2026 the firm found all tested models could complete end-to-end vulnerability research and about half could autonomously produce working exploits; top performers included Claude Opus 4.6 and Kimi K2.5. Using single prompts, the RAPTOR agentic framework and Verde Labs’ extensions, researchers discovered four zero-days in OpenNDS, demonstrating a lower barrier to discovery and a growing risk for organizations.
read more →

White House Enables Federal Access to Anthropic's Mythos

🔒The White House Office of Management and Budget is preparing protections to allow federal agencies to use a modified version of Anthropic's Claude Mythos model, according to an internal memo reported by Bloomberg. OMB CIO Gregory Barbaccia told Cabinet departments the agency is coordinating with model providers, industry partners, and the intelligence community to establish guardrails before potential release. The move comes while the Department of Defense's supply-chain risk designation against Anthropic remains in force, leaving the vendor barred from defense contracts.
read more →

Mythos and the Limits of Private AI Security Control

🔍 Anthropic announced a restricted release of Claude Mythos Preview, an AI claimed to find and weaponize software vulnerabilities at unprecedented scale, and limited access to roughly 50 organizations under Project Glasswing. The company highlighted thousands of flaws across major operating systems and browsers, including decades-old bugs and a set of 181 usable Firefox attacks, far beyond its prior model's performance. Yet the disclosure omits key metrics—false-positive rates, unfiltered outputs, and broad audit access—raising concerns that withholding a powerful tool is not a substitute for transparency, independent review, and funded access for domain experts.
read more →

Palo Alto on Anthropic’s Mythos and AI-Driven Security

🔒 Palo Alto Networks is participating in Anthropic’s Project Glasswing to test the Claude Mythos model for vulnerability discovery. EMEA CEO Helmut Reisinger says Mythos has identified unprecedented zero-day flaws across multiple operating systems and browsers and can often generate working exploits. Palo Alto is integrating Protect AI, Chronosphere, CyberArk, and soon Koi into its modular platform to secure AI, identity, observability, and agentic endpoints. Reisinger highlighted BYOK, European AI Act compliance, and preparations for the post-quantum era.
read more →

Anthropic Claude Opus 4.7 Now Available on Vertex AI

🟢 Claude Opus 4.7 is now generally available on Vertex AI, delivering improved problem solving, instruction following, and expanded vision and long-memory capabilities. The release boosts accuracy on high-resolution documents and charts and enhances performance in coding and agentic workflows. Paired with Vertex AI’s infrastructure, you can scale agents, leverage low latency and provisioned throughput, and apply unified security controls and Model Armor. Access is available on Vertex AI and via Google Cloud Marketplace with sample notebooks and pricing guidance.
read more →

Claude on Vertex AI: U.S. and EU Multi-Region Endpoints

🌐 Google Cloud has announced that U.S. and EU multi-region endpoints for Claude on Vertex AI are available in public preview. These endpoints pool capacity across multiple regions within a geography to dynamically route requests, improving reliability while keeping processing and data within the chosen jurisdiction. The feature supports prompt caching and automatic failover, and currently offers Opus 4.7 in preview. Enabling the capability requires a simple update to your API location identifier (for example, using us or eu).
read more →

Anthropic's Mythos Spurs Structural Cybersecurity Shift

⚠️A new Cloud Security Alliance (CSA) briefing warns that Anthropic's Claude Mythos (Preview) marks a structural shift in cybersecurity. The model can autonomously discover and exploit thousands of vulnerabilities and orchestrate attacks at speeds that compress discovery-to-weaponization from weeks to hours. The paper — informed by leading security figures — says Mythos is not an outlier and urges CISOs to build Mythos-ready programs, harden fundamentals, and elevate the issue to the board.
read more →

Anthropic’s Mythos Preview and Project Glasswing Risks

🔍 Anthropic's new Claude Mythos Preview and its Project Glasswing effort have focused industry attention on AI-driven cyberattack capabilities. Anthropic says it will not release the model publicly, citing the risk that it can automatically generate operational exploits, and is running the model against public and proprietary code to find and patch vulnerabilities before they can be weaponized. The announcement produced substantial PR impact, prompting rival vendors to echo similar caution. Security observers note defenders still hold an advantage—finding flaws is easier than turning them into attacks—but that margin is shrinking as models improve.
read more →

AI Claude Rapidly Finds 13-Year ActiveMQ RCE Bug Exploit

🔍 Researchers at Horizon3.ai used Anthropic’s Claude to rapidly identify a critical remote code execution vulnerability in Apache ActiveMQ Classic that persisted for roughly 13 years. The flaw (CVE-2026-34197) allows misuse of the Jolokia management API—for example via addNetworkConnector—to load a malicious remote Spring XML and execute arbitrary Java/system commands. While the issue requires authentication in principle, default credentials remain common and a separate vulnerability in some 6.x builds can expose Jolokia without auth, turning it into an unauthenticated RCE. Apache has released patches in 5.19.4 and 6.2.3; administrators should upgrade and restrict access to management interfaces immediately.
read more →

Sen. Sanders Discusses AI and Privacy: Claude Exchange

💬 Sen. Bernie Sanders engaged the AI assistant Claude in a public conversation about AI and privacy, probing how such systems handle personal data and the policy implications. Bruce Schneier observes that Claude's answers were 'actually pretty good,' indicating that large language models can inform lawmakers while also raising privacy and regulatory questions.
read more →

Anthropic's Claude Mythos Identifies Thousands of Zero‑Days

🔐 Anthropic launched Project Glasswing to apply a preview of its frontier model, Claude Mythos, to find and help remediate security vulnerabilities in critical software. The company says Mythos Preview has already identified thousands of high‑severity zero‑day flaws and autonomously developed complex exploits in testing. Access is restricted to a small set of vendors and foundations due to abuse risks. Anthropic committed significant usage credits and donations to support coordinated defensive patching while acknowledging prior operational leaks and the risk that the same capabilities could be misused.
read more →

Claude-assisted discovery of long-hidden ActiveMQ RCE

🔎 Horizon3.ai researchers used Anthropic's Claude to help uncover a remote code execution vulnerability, CVE-2026-34197, in Apache ActiveMQ Classic that reportedly persisted for about 13 years. The flaw allows an attacker to invoke Jolokia management operations to fetch a remote configuration file and execute arbitrary OS commands; default admin:admin credentials or prior exposure via CVE-2024-32114 can make exploitation trivial. Patches are available in versions 5.19.4 and 6.2.3, and administrators are advised to update, remove default credentials, and inspect broker logs for signs of compromise.
read more →

Anthropic's Project Glasswing and the AI Bug-Hunting Shift

🔎 Anthropic's Project Glasswing uses Claude Mythos Preview to autonomously hunt software vulnerabilities and is being offered to a closed consortium of more than 40 organizations, including Amazon, Microsoft, Apple, Google and the Linux Foundation. Anthropic says early tests found thousands of high-severity flaws across operating systems, browsers, and other widely used software, including an allegedly 27-year-old OpenBSD bug. Security leaders warn the development could upend bug-bounty economics, push security upstream, shorten exposure windows, and raise dual-use control questions.
read more →

Anthropic's Claude Mythos Preview Now on Vertex AI

🔒 Anthropic’s newest and most capable model, Claude Mythos Preview, is available in Private Preview to a select group of Google Cloud customers through Project Glasswing. Its placement on Vertex AI provides enterprises access to a frontier model integrated with Google Cloud’s tools to build, scale, and govern AI applications and agents. The announcement emphasizes high performance across use cases and a renewed focus on reducing cybersecurity risk in enterprise deployments.
read more →

Amazon Bedrock Introduces Claude Mythos Preview for SecOps

🔒 Amazon Bedrock now offers Claude Mythos Preview in a gated research preview as part of Project Glasswing. Anthropic's most advanced model to date demonstrates state-of-the-art capabilities across cybersecurity, software coding, and complex reasoning, identifying sophisticated vulnerabilities and showing exploitability in large codebases with less manual guidance. Access is limited to an allow-list in US East (N. Virginia) through Bedrock; AWS account teams will contact approved organizations.
read more →

Claude Code flaw allows bypass after 50 subcommands

🔒 A leaked copy of Claude Code has revealed a documented vulnerability that can be triggered when the tool receives more than 50 subcommands. Researchers at Adversa found that subcommands beyond the 50th bypass compute-intensive security analysis and instead elicit a simple user confirmation, creating a risky blind spot. Anthropic has developed a fix — a tree-sitter parser — but it is present only in internal code and not enabled in public builds that customers use.
read more →

Claude Chrome Extension Flaw Allowed Silent Prompting

⚠️ Researchers disclosed a vulnerability in Anthropic's Claude Google Chrome extension that allowed any website to silently inject prompts into the assistant simply by loading a page. Koi Security researcher Oren Yomtov reported the issue chained an overly permissive origin allowlist with a DOM-based XSS in an Arkose Labs CAPTCHA hosted on a-cdn.claude.ai. Exploitation could let attackers steal tokens, conversation history, and perform actions on behalf of victims. Anthropic patched the extension to require an exact origin match and Arkose Labs fixed the XSS.
read more →

Paid AI Accounts Now a Hot Underground Commodity Market

🤖 Flare's analysis of hundreds of fraud-forum posts finds premium AI subscriptions (including ChatGPT, Claude, and Microsoft Copilot) are widely advertised, bundled, and resold in underground markets. Listings tout discounted subscriptions, multi-service bundles, API keys, and claims of reduced restrictions. Patterns point to exposed keys, credential theft, large-scale account creation, trial abuse, and shared subscriptions fueling the trade, increasing operational and data risk for organizations.
read more →