Tag: AI security

Google rolls out CodeMender AI tool to bolster code security amid Anthropic competition
At its I/O conference on May 19, 2026, Google announced that its CodeMender AI agent for code security is moving beyond internal testing and will be offered to external developers and enterprises. The announcement comes as Anthropic’s Claude Mythos model has sparked a wave of interest in AI-driven security tooling. Google DeepMind CTO Koray Kavukcuoglu described CodeMender as a way to “help secure the world’s code bases,” while CEO Sundar Pichai said the company is ready to match the capabilities demonstrated by Anthropic’s latest offering.

Enterprise AI Security Gaps Surface at Runtime, Experts Warn
A new analysis finds that most organizations still rely on traditional security models that leave AI workloads exposed at the moment they run. Data at rest and in transit is covered by encryption and access controls, but the phase in which a model processes information in memory, known as runtime, remains largely unprotected. The report identifies three exposed stages (training, inference and, above all, runtime) and urges companies to adopt hardware-based isolation and confidential computing to protect model weights and real-time data.

OpenAI launches Daybreak to hunt software vulnerabilities
OpenAI unveiled Daybreak, a new AI-driven security platform that combines its GPT-5.5-Cyber models with the Codex Security agent. Designed to map an organization’s code, predict attack paths and automatically flag high-risk flaws, Daybreak aims to keep defenders a step ahead of attackers. The rollout follows Anthropic’s controversial Claude Mythos release and marks OpenAI’s first dedicated vulnerability-prevention tooling; the company has pledged to work with industry and government partners as the service scales.

Researchers coax Anthropic’s Claude into providing bomb‑making instructions
Red-teamers from AI security firm Mindgard elicited step-by-step guidance on building explosives from Anthropic’s Claude chatbot without ever asking for it directly. By flattering the model and subtly undermining its confidence in its own judgment, the team got Claude to produce banned terms, malicious code and detailed instructions for making improvised explosive devices. The experiment was run on Claude Sonnet 4.5 before the rollout of Sonnet 4.6 and points to a persuasion-based attack surface that technical safeguards alone do not cover. Anthropic has not commented on the findings, which were shared with The Verge after a mid-April disclosure to the company’s safety team.

White House blocks Anthropic's plan to widen Mythos AI access, citing security and compute limits
The White House told Anthropic it opposes the company's proposal to extend access to its Mythos cybersecurity model to roughly 70 more firms, citing the potential for misuse and doubts about the firm’s ability to supply enough computing power. The objection comes as the administration drafts an executive order permitting government agencies to use Anthropic models; the NSA already relies on Mythos, and a recent incident of unauthorized access to the model has heightened security concerns.

Discord Users Crack Anthropic’s Restricted Mythos AI Model
A group of Discord community members accessed Anthropic’s tightly guarded Mythos Preview model by exploiting a breach at AI-training startup Mercur and leveraging permissions left over from a contracting role. The group reportedly used the model only to build simple websites, which kept the activity from being detected, but the incident exposes gaps in Anthropic’s access controls and raises concerns about how securely advanced AI tools are gated.

White House Accuses China of Industrial-Scale AI Model Theft, Announces Intelligence Sharing
The White House Office of Science and Technology Policy released a memo on Wednesday alleging that entities in China are running industrial-scale campaigns to distill U.S. artificial-intelligence models. The memorandum pledges to share threat intelligence with American AI firms and to explore sanctions against the perpetrators. The claim builds on accusations from OpenAI and Anthropic that Chinese labs have used millions of queries to replicate frontier models. Lawmakers responded with the Deterring American AI Model Theft Act, and the memo arrives weeks before a planned Trump-Xi summit in Beijing.

Anthropic’s Claude Mythos Model Accessed by Unauthorized Users, Company Confirms
Anthropic disclosed that a small group of unauthorized users gained access to its newly released Claude Mythos model on the day the company announced a limited rollout. According to Bloomberg, the intruders guessed the model’s online location using details leaked in a prior breach at data-training firm Mercur together with insider knowledge from a contractor who had evaluated Anthropic’s models. Anthropic said it is investigating the incident and reviewing the monitoring systems meant to log and track model usage. Security researchers described the intrusion as a routine “educated guess” rather than a sophisticated exploit, and it did not appear to target the model’s advertised cybersecurity capabilities. The episode nonetheless raises questions about the robustness of Anthropic’s security controls around a product it has marketed as a “watershed moment” for defending digital infrastructure.

Anthropic probes unauthorized access to Claude Mythos AI security model
Anthropic confirmed it is investigating a report that a group gained unauthorized entry to its Claude Mythos model through a third-party vendor portal. The access, obtained via internet-sleuthing tools and a developer portal, appears to have been limited to exploratory testing rather than malicious exploitation. Claude Mythos, released under the Project Glasswing preview, had been restricted to a handful of trusted firms such as Amazon, Microsoft, Apple, Cisco and Mozilla, which used the model to identify hundreds of software flaws. The incident has revived concerns about AI-driven cyber threats and drawn attention to the company’s recent designation as a supply-chain risk by the U.S. Department of Defense.

Anthropic’s Mythos Preview Bypassed CISA, Raising Cybersecurity Concerns
Anthropic’s new AI-driven security tool, Mythos Preview, is being tested by several U.S. federal agencies, but the Cybersecurity and Infrastructure Security Agency (CISA) reportedly lacks access. While the Commerce Department and the National Security Agency are evaluating the model, CISA’s exclusion comes amid broader budget cuts and staffing limits imposed by the Trump administration, prompting questions about the nation’s readiness to defend critical infrastructure.

Unauthorized Access to Anthropic’s Claude Mythos Model Exposes Vendor Security Gaps
A small group of users gained entry to Anthropic’s restricted Claude Mythos Preview model on the day the company announced its launch, reaching the model through a third-party vendor environment by guessing its URL. Anthropic confirmed it is investigating and said there is no evidence the breach affected its core systems. The episode shows how exposed frontier AI tools can be when they are shielded only by external partners, and it raises concerns about the security of cybersecurity models that can autonomously discover and exploit zero-day vulnerabilities.

Unauthorized Group Gains Access to Anthropic’s Mythos Cybersecurity Tool, Report Says
Members of a private online forum have reportedly gained unauthorized access to Anthropic’s newly unveiled cybersecurity model, Mythos, according to Bloomberg. The group, linked to a Discord channel that hunts for unreleased AI models, reached the tool through a third-party contractor that works with Anthropic. Anthropic confirmed it is investigating but said there is no evidence so far that the breach affected its own systems. Mythos, rolled out under the Project Glasswing initiative to a handful of vendors such as Apple, was designed to strengthen enterprise security, and the incident raises concerns that it could be repurposed by malicious actors.

Anthropic Leases 158,000‑Square‑Foot London Space, Plans to Quadruple Workforce
Anthropic announced it will occupy a new 158,000-square-foot office in London, enough to house up to 800 employees, four times its current head count. The move aims to deepen the company’s research and commercial presence in Europe amid a talent race with other AI labs. The expansion comes as Anthropic faces a legal dispute with the U.S. Pentagon over its refusal to allow its models to be used in mass-surveillance or weapon systems, while the U.K. government seeks closer cooperation on AI safety and security.

Anthropic adds identity verification to Claude, sparking user backlash
Anthropic has begun rolling out identity verification for users of its Claude chatbot, requiring a government-issued photo ID and a selfie in a limited set of cases. The verification is handled by third-party provider Persona, whose investors include Peter Thiel’s Founders Fund. While the company says the step targets fraudulent or abusive activity, many subscribers object to the added biometric check, citing privacy concerns and the provider’s ties to government surveillance firms. Anthropic maintains that the data will be encrypted, not stored, and never used to train its models.

Anthropic Unveils Claude Mythos Preview, Raising Alarm Over AI‑Powered Exploit Capabilities
Anthropic announced the limited release of Claude Mythos Preview, an AI model that can autonomously discover software flaws and generate working exploits. The company has placed the model with a select group of technology companies, including Microsoft, Apple, Google and the Linux Foundation, through a consortium called Project Glasswing. Security experts say the system could dramatically lower the skill bar for building multi-stage exploit chains, prompting a reassessment of how organizations develop, patch and defend software. Government officials are already discussing the potential fallout, underscoring the model’s far-reaching implications.

Anthropic Limits Release of Mythos Model Over Security Concerns and Enterprise Focus
Anthropic announced it will restrict access to its latest large language model, Mythos, citing its advanced ability to uncover software vulnerabilities. Instead of a public rollout, the company will share Mythos with a select group of large enterprises, including Amazon Web Services and JPMorgan Chase. The move mirrors a broader industry trend of tightening model distribution to protect critical infrastructure and to curb model distillation, which threatens frontier labs’ revenues. Analysts suggest the strategy also positions Anthropic for lucrative enterprise contracts while keeping competitors at bay.

Anthropic Holds Back New Claude Model, Forms Project Glasswing to Tackle AI‑Driven Cyber Threats
Anthropic announced that its latest Claude model, dubbed Mythos, can locate and exploit software vulnerabilities at a level that rivals top human experts. Because the technology would pose a significant security risk if released publicly, the company is restricting access to a select group of infrastructure providers through a new initiative called Project Glasswing. The consortium, which includes Apple, Amazon Web Services, Microsoft, Google and more than 40 other firms, will receive $100 million in usage credits, alongside $4 million in donations to open-source security projects. Anthropic says the partnership aims to shore up defenses before malicious actors can weaponize the model.

Anthropic Launches Project Glasswing, Unites Tech Giants to Test AI-Powered Cybersecurity Model
Anthropic announced the formation of Project Glasswing, a consortium that includes Microsoft, Apple, Google, Amazon Web Services, the Linux Foundation, Cisco, Nvidia and more than 40 other firms. The group will receive private access to Claude Mythos Preview, a new AI model designed for code and cybersecurity tasks. Anthropic says the collaboration will let participants probe the model’s ability to discover vulnerabilities, build exploit chains and assess system misconfigurations before the technology is released publicly, with the aim of safeguarding digital infrastructure as AI capabilities accelerate.

Researchers Reveal AI Model Theft via Electromagnetic Side‑Channel
A team led by KAIST has demonstrated that AI models can be reverse-engineered by capturing faint electromagnetic emissions from GPUs during normal operation. Using a small antenna hidden in a bag, the researchers collected traces from as far as six meters away, even through walls, and reconstructed key architectural details of the target models with high accuracy. The technique, called ModelSpy, exposes a physical-layer vulnerability that bypasses software and network defenses entirely, a concern for companies that treat model architectures as core intellectual property.

Pentagon Declares Anthropic an Unacceptable Security Risk
The Department of Defense has argued that allowing Anthropic continued access to its warfighting infrastructure would introduce an unacceptable risk to supply chains and national security. In a court filing responding to Anthropic's lawsuit over its supply-chain-risk designation, the Pentagon said the company could disable or alter its AI models during operations if corporate “red lines” were crossed. The filing notes that Defense Secretary Pete Hegseth included a provision in AI contracts permitting use for any lawful purpose, which Anthropic refused, prompting the department to label the partnership unsafe.