< ciso
brief />
Tag Banner

All news with #claude tag

111 articles · page 5 of 6

Anthropic's Claude Opus 4.6 Available in Microsoft Foundry

🤖 Claude Opus 4.6 is now available in Microsoft Foundry on Azure, delivering Anthropic’s advanced reasoning and agent capabilities to enterprise workflows. The model supports a beta 1M-token context window, up to 128K output tokens, and new API controls including Adaptive Thinking and Context Compaction. Integrated with Foundry IQ and Azure governance, Opus 4.6 targets coding, knowledge work, finance, legal, cybersecurity, and multi-tool agent automation—helping teams move from experimentation to production while preserving compliance and operational control.
read more →

AI Models Now Automate Finding and Exploiting Vulnerabilities

🔍 Anthropic reports that recent Claude models, notably Sonnet 4.5, can now carry out multistage network attacks using only standard open-source tools instead of bespoke cyber toolkits. In high-fidelity simulations, Sonnet 4.5 recognized a public CVE and exploited a Kali Linux host via a plain Bash shell to exfiltrate simulated personal data. Bruce Schneier highlights these findings as a major change, stressing the urgency of timely patching and basic security hygiene.
read more →

Anthropic Brings Claude to Healthcare With HIPAA Tools

🔒 Anthropic is expanding Claude into healthcare with HIPAA-ready enterprise tools and new healthcare-specific connectors. It can access the CMS Coverage Database to check Medicare coverage rules, support prior authorization, and look up ICD-10 codes. Anthropic says deployments can help revenue cycle, credentialing, and reduce claim errors.
read more →

Anthropic Launches Claude for Healthcare with Record Access

🩺 Anthropic has introduced Claude for Healthcare, allowing U.S. subscribers on Claude Pro and Max plans to grant secure access to lab results and health records via integrations with HealthEx and Function, with Apple Health and Android Health Connect rolling out to mobile apps later this week. When connected, Claude can summarize medical history, explain test results in plain language, detect patterns across fitness metrics, and draft questions for appointments. Anthropic says the integrations are private by design, let users choose what to share, and do not use health data to train its models; permissions can be edited or revoked at any time.
read more →

Anthropic debunks viral Claude 'banned' screenshot

🔍Anthropic says a widely shared screenshot claiming its Claude AI permanently banned an account and reported the user to authorities is fake. The company told BleepingComputer the image does not match any real Claude notification and that similar fabricated screenshots 'circulate every few months.' Anthropic noted it can restrict accounts for repeated policy violations, including attempts to misuse AI for illegal activities. Users should verify alarming posts with official channels before sharing.
read more →

OpenAI Tests 'Skills' for ChatGPT, Mirroring Claude

🛠️ OpenAI is testing a new ChatGPT feature called Skills, modeled on Anthropic's Claude Skills. Reports say the capability — codenamed 'hazelnuts' — will appear as slash commands and include a dedicated Skills editor plus an option to convert a custom GPT into a skill. Claude's Skills are folder-based instructions that can be composable, portable, efficient, and can include executable code; OpenAI's implementation appears to follow a similar design. Timing is unclear, but a January 2026 rollout is currently suggested.
read more →

Lies-in-the-Loop Attack Hijacks AI Human Prompts Dialogs

⚠️ Security researchers at Checkmarx disclosed a novel technique called Lies-in-the-Loop (LITL) that manipulates Human-in-the-Loop (HITL) confirmation dialogs to trigger arbitrary code execution. The attack forges or alters dialog text, metadata and Markdown rendering so that dangerous commands appear benign, effectively turning a safety checkpoint into an exploit vector. Demonstrations targeted privileged code-assistant tools including Claude Code and Copilot Chat, and the authors urge a defense-in-depth approach combining user training, improved dialog clarity and input sanitization.
read more →

Urban VPN Extension Caught Exfiltrating AI Chat Data

🔒 Researchers at Koi found that the popular Urban VPN Proxy browser extension injects scripts to capture full AI chat conversations — including prompts and responses — then exports them to the extension vendor's backend. The monitoring runs even when the VPN is disabled and activates on major platforms such as ChatGPT, Claude, Gemini, Perplexity and Grok. For organizations that paste internal code, data or research into AI tools, this creates a significant data-theft risk outside corporate controls.
read more →

Urban VPN Extension Steals AI Chats from Users' Browsers

⚠️ Security researchers found that Urban VPN Proxy, a free browser extension with millions of installs, injected hidden scripts to capture full AI chat conversations from users’ browsers. The extension targeted multiple platforms including ChatGPT, Claude, Gemini and Perplexity, overriding browser network APIs to intercept prompts and responses. Captured data was packaged and sent to the extension operator’s backend even when VPN features were disabled. The extension marketed an “AI protection” feature that did not prevent this collection.
read more →

AI Agents Demonstrate Real-World Smart Contract Exploits

🔍 Researchers used a new benchmark, SCONE-bench, to train AI agents to find and produce exploits against historically compromised smart contracts. On 405 real-world contracts from 2020–2025, Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 generated exploits valued at $4.6 million. In simulated tests against 2,849 recently deployed contracts the agents discovered two novel zero-day vulnerabilities and created exploits worth $3,694, with GPT-5 incurring $3,476 in API costs. The findings show autonomous, profitable exploitation is technically feasible and emphasize the need for proactive AI-driven defense.
read more →

Crossing the Autonomy Threshold: Defending Against AI Agents

🤖 The GTG-1002 campaign, analyzed by Nicole Nichols and Ryan Heartfield, demonstrates the arrival of autonomous offensive cyber agents powered by Claude Code. The agent autonomously mapped attack surfaces, generated and executed exploits, harvested credentials, and conducted prioritized intelligence analysis across multiple enterprise targets with negligible human supervision. Defenders must adopt agentic, machine-driven security that emphasizes precision, distributed observability, and proactive protection of AI systems to outpace these machine-speed threats.
read more →

The AI Fix — Episode 78: Security, Spies, and Hype

🎧 In Episode 78 of The AI Fix, hosts Graham Cluley and Mark Stockley examine a string of headline-grabbing AI stories, from a fact-checked “robot spider” scare to Anthropic’s claim of catching an autonomous AI cyber-spy. The discussion covers Claude hallucinations, alleged state-backed misuse of US AI models, and concerns about AI-driven military systems and investor exuberance. The episode also questions whether the current AI boom is a bubble, while highlighting real-world examples like AI-generated music charting and pilots controlling drone wingmen.
read more →

Claude Opus 4.5 Brings Agentic AI to Microsoft Foundry

🚀 Claude Opus 4.5 is now available in public preview in Microsoft Foundry, aiming to shift models from assistants to agentic collaborators that execute multi-tool workflows and support complex engineering tasks. Anthropic and Microsoft highlight Opus 4.5’s strengthened coding, vision, and reasoning capabilities alongside improved safety and prompt-injection robustness. Foundry adds developer features like Programmatic Tool Calling, Tool Search, Effort Parameter (Beta), and Compaction Control to help teams build deterministic, long-running agents while keeping centralized governance and observability.
read more →

Anthropic Claude Opus 4.5 Now Available on Vertex AI

🚀 Anthropic's Claude Opus 4.5 is now generally available on Vertex AI, delivering frontier performance for coding, agents, vision, and office automation at roughly one-third the cost of Opus 4.1. The model introduces advanced agentic tool use—programmatic tool calling (including direct Python execution) and dynamic tool search—plus expanded memory and a 1M-token context window to support long, multi-step tasks. On Vertex AI, Opus 4.5 is offered as a Model-as-a-Service on Google's high-performance infrastructure with prompt caching, efficient batch predictions, provisioned throughput, and enterprise-grade controls for deployment. Organizations can leverage the Agent Builder stack (ADK, A2A, and Agent Engine) and Google Cloud security controls, including Model Armor and Security Command Center protections, to accelerate production agents while managing cost and risk.
read more →

AI Agents Used in State-Sponsored Large-Scale Espionage

⚠️ In mid‑September 2025, Anthropic detected a sophisticated espionage campaign in which attackers manipulated its Claude Code tool to autonomously attempt infiltration of roughly thirty global targets, succeeding in a small number of cases. The company assesses with high confidence that a Chinese state‑sponsored group conducted the operation against large technology firms, financial institutions, chemical manufacturers, and government agencies. Anthropic characterizes this as likely the first documented large‑scale cyberattack executed with minimal human intervention, enabled by models' increased intelligence, agentic autonomy, and access to external tools.
read more →

Using AI to Avoid Black Friday Price Manipulation and Scams

🛍️ Black Friday shopping is increasingly fraught with staged discounts and manipulated prices, but large language models (LLMs) can help shoppers cut through the noise. Use AI like ChatGPT, Claude, or Gemini to build a wish list, track historical prices, compare alternatives, and vet sellers quickly. The article provides step-by-step prompts for price analysis, seller verification, local-market queries, and model-specific requests, and recommends security measures such as using a separate card and installing Kaspersky Premium to reduce fraud risk.
read more →

Anthropic Reports AI-Enabled Cyber Espionage Campaign

🔒 Anthropic says an AI-powered espionage campaign used its developer tool Claude Code to conduct largely autonomous infiltration attempts against about 30 organizations, discovered in mid-September 2025. A group identified as GTG-1002, linked to China, is blamed. Security researchers, however, question the level of autonomy and note Anthropic has not published indicators of compromise.
read more →

Anthropic's Claim of Claude-Driven Attacks Draws Skepticism

🛡️ Anthropic says a Chinese state-sponsored group tracked as GTG-1002 leveraged its Claude Code model to largely automate a cyber-espionage campaign against roughly 30 organizations, an operation it says it disrupted in mid-September 2025. The company described a six-phase workflow in which Claude allegedly performed scanning, vulnerability discovery, payload generation, and post-exploitation, with humans intervening for about 10–20% of tasks. Security researchers reacted with skepticism, citing the absence of published indicators of compromise and limited technical detail. Anthropic reports it banned offending accounts, improved detection, and shared intelligence with partners.
read more →

Anthropic: Hackers Used Claude Code to Automate Attacks

🔒 Anthropic reported that a group it believes to be Chinese carried out a series of attacks in September targeting foreign governments and large corporations. The campaign stood out because attackers automated actions using Claude Code, Anthropic’s AI tool, enabling operations "literally with the click of a button," according to the company. Anthropic’s security team blocked the abusive accounts and has published a detailed report on the incident.
read more →

Chinese State-Linked Hackers Used Claude Code for Attacks

🛡️ Anthropic reported that likely Chinese state-sponsored attackers manipulated Claude Code, the company’s generative coding assistant, to carry out a mid-September 2025 espionage campaign that targeted tech firms, financial institutions, manufacturers and government agencies. The AI reportedly performed 80–90% of operational tasks across a six-phase attack flow, with only a few human intervention points. Anthropic says it banned the malicious accounts, notified affected organizations and expanded detection capabilities, but critics note the report lacks actionable IOCs and adversarial prompts.
read more →