Tags: Security Testing

Anthropic partnered with Mozilla to run its Claude Opus 4.6 AI on Firefox’s codebase for two weeks. The effort uncovered 22 separate vulnerabilities, including 14 classified as high‑severity. Most bugs were patched in Firefox 148, while a few remain for the next release. The AI proved better at identifying flaws than creating exploit code, with only two proof‑of‑concept exploits produced after spending $4,000 in API credits. The findings highlight the power of AI tools for open‑source security reviews, even as they generate a mix of useful and noisy contributions. Weiterlesen

Anthropic introduced a file creation capability for its Claude AI model. While the company added safeguards—such as disabling public sharing for Pro and Max users, sandbox isolation for Enterprise, limited task duration, and domain allowlists—independent researcher Simon Willison warned that the feature still poses prompt‑injection risks. Willison highlighted that Anthropic’s advice to "monitor Claude while using the feature" shifts responsibility to users. He urged caution when handling sensitive data, noting that similar vulnerabilities have persisted for years. The situation underscores ongoing challenges in AI security for enterprise deployments. Weiterlesen