Tags: SOC 2

An open‑source AI project called LiteLLM was compromised by malware that entered through a software dependency and harvested login credentials. The breach was uncovered by a security researcher after his machine shut down, prompting a rapid investigation with Mandiant. While LiteLLM advertises SOC 2 and ISO 27001 certifications from the compliance startup Delve, the incident raises questions about the effectiveness of such certifications in preventing supply‑chain attacks. Weiterlesen

Anthropic announced the release of Claude Sonnet 4.5, a frontier AI model aimed at production‑ready software development. The company says the model delivers industry‑leading results on coding benchmarks such as SWE‑Bench Verified and can autonomously build full applications, provision databases, purchase domains, and even conduct SOC 2 audits. Claude Sonnet 4.5 is accessible through the Claude API and chatbot with pricing unchanged from the prior version. Anthropic also introduced a Claude Agent SDK and a research preview called “Imagine with Claude,” underscoring a rapid development cycle that positions the firm against rivals like OpenAI’s GPT‑5. Weiterlesen

Ami Luttwak, chief technologist at Wiz, explains how the rapid adoption of artificial intelligence is expanding the attack surface for cybercriminals. While AI helps developers ship code faster, it also creates shortcuts and insecure implementations that attackers exploit. Luttwak highlights recent supply‑chain breaches, including the compromise of a chatbot startup and a popular JavaScript build system, where AI‑driven tools were used to harvest credentials and infiltrate corporate networks. He urges organizations to embed security from day one, adopt rigorous compliance standards, and rethink every layer of defense as AI continues to evolve. Weiterlesen