Anthropic
-
Anthropic may be preparing public rollout of restricted Claude Mythos model
Anthropic appears to be preparing a public rollout of its restricted Claude Mythos model after it briefly surfaced in Claude Code and Claude Security, following an April preview that said it could generate highly capable cyberattacks.
-
Researchers flag MCP design flaw that could enable remote code execution
Researchers said a design flaw in Anthropic’s Model Context Protocol could allow remote code execution across thousands of servers and packages, exposing sensitive data and widening AI supply chain risk.
-
European regulators largely excluded from early access to Anthropic’s Mythos model
European regulators have largely been excluded from early access to Anthropic’s Mythos cybersecurity model, while a small group of mostly U.S. tech companies and the UK AI Security Institute have been allowed to test it.
-
Anthropic launches Project Glasswing to use Claude Mythos for vulnerability hunting
Anthropic launched Project Glasswing to use its Claude Mythos preview model for vulnerability hunting, saying the system found thousands of flaws and can also be powerful enough to aid exploitation.
-
Anthropic employee error exposed Claude Code source code through npm package
Anthropic said an employee exposed Claude Code source code by including a source map in an npm package. The company called it a packaging error, while experts said such files can reveal logic, prompts and secrets.
-
Researchers find flaw that could let websites inject prompts into Anthropic’s Claude Chrome extension
Researchers disclosed a flaw called ShadowPrompt in Anthropic’s Claude Chrome extension that combined an overly permissive origin allowlist and a DOM-based XSS in an Arkose Labs CAPTCHA, allowing websites to inject prompts; Anthropic and Arkose issued fixes in December 2025 and February 2026.
-
Anthropic reports three firms used 24,000 fake accounts to extract Claude in over 16 million exchanges
Anthropic reported that three China based AI firms used about 24,000 fraudulent accounts to run distillation campaigns against Claude that produced over 16 million exchanges targeting reasoning, coding and tool use capabilities.
-
Report: Claude Desktop Extensions run unsandboxed, enabling zero-click RCE
A LayerX Security technical analysis found Claude Desktop Extensions run unsandboxed with full system privileges, enabling zero-click remote code execution via a malicious Google Calendar entry when MCP permissions are granted.
-
Anthropic says Chinese state-sponsored group used Claude Code AI in espionage campaign
Anthropic reported that a Chinese state-sponsored group used its Claude Code AI and a Model Context Protocol to orchestrate attempted intrusions against about 30 high-profile organizations in mid-September, succeeding in a small number of cases; Anthropic banned accounts, notified victims and said AI hallucinations limited full autonomy.
-
Google DeepMind unveils CodeMender to detect, patch and rewrite vulnerable code
DeepMind has unveiled CodeMender, an AI agent that detects, patches and rewrites vulnerable code using Gemini models and an LLM-based critique tool; Google says it has upstreamed 72 fixes and is expanding AI security measures including an AI Vulnerability Reward Program and updates to its Secure AI Framework.
