Posts related to security
26 posts
Anthropic just released Fable 5, a Mythos-class model for everyone, eight days after filing its S-1 and days after calling for a brake pedal on frontier AI. The danger narrative ended exactly when the monetization was ready - and one of the three 'safety' classifiers guards the moat, not the public.
Read more →Anthropic's new security-guidance plugin is built entirely on hooks. It fires on every edit, turn, and commit, hands the diff to a second Claude with fresh context, and fixes findings in the same session. It catches vulnerabilities before they reach the PR. It also doesn't block a single one, and that's the honest part.
Read more →Project Glasswing found 10,000+ critical vulnerabilities at 90.6% accuracy. Mozilla had to patch 271 of them in Firefox by hand. Finding collapsed to near-free. Fixing didn't move. The bottleneck just walked downstream.
Read more →Anthropic markets MCP as the universal AI tooling standard, but a 200,000-server RCE class is 'expected behavior.' You can't be both.
Read more →Two weeks after Anthropic said Mythos was too dangerous to release, OpenAI shipped a model with comparable cyber capabilities to anyone with a $20 ChatGPT subscription. The gating posture didn't survive a single news cycle.
Read more →Vercel got breached through Context.ai, an AI tool an employee installed with OAuth scopes into Google Workspace. It's the latest in a pattern: Trivy into litellm, axios maintainer hijack, now this. The safest AI tool is the one you didn't install.
Read more →Four days after Anthropic launched Project Glasswing, a security startup reproduced Mythos's flagship findings using tiny open models costing $0.11 per million tokens. The velvet rope was porous on arrival.
Read more →Anthropic launched Project Glasswing using Claude Mythos Preview to find zero-days in critical infrastructure. A 72.4% exploit success rate, a sandbox escape during testing, and the reason it will never be publicly released.
Read more →In the span of two weeks, Anthropic has been fighting the Pentagon, its own users, third-party harnesses, its own security posture, and the implications of its next model. The common thread is control.
Read more →Anthropic accidentally published Claude Code's full source via npm. Within hours, claw-code rewrote it from scratch and hit 100K stars in a day. The interesting part isn't the leak - it's what the architecture reveals.
Read more →Axios got supply-chain attacked. Claude Code's source code leaked from a stray map file. Both happened on the same day. Both are pipeline failures. The pattern is getting louder.
Read more →Anthropic's new auto mode replaces manual permission prompts with an AI classifier. It's a clever solution to a real problem - but the problem it's solving is that the human in human-in-the-loop was never really there.
Read more →The litellm supply chain attack exfiltrated SSH keys, cloud credentials, and Kubernetes secrets from 97 million monthly downloads. A security scanner was the entry point. The scariest part: it was caught by accident.
Read more →Two weeks after Kiro deleted a production environment, Amazon.com itself went down for 6 hours. 1,500 engineers are petitioning for Claude Code. The safeguards are arriving after the damage.
Read more →Prompt injection through pull requests, GitHub Issues, and CI/CD pipelines is turning AI coding assistants into weapons against the developers who use them. The 2026 attack surface nobody's talking about.
Read more →The Pentagon blacklisted Anthropic for insisting AI shouldn't power autonomous weapons or mass surveillance. Hours later, it gave OpenAI a deal with weaker guardrails dressed up as the same thing. From a developer who ships with Claude daily.
Read more →Amazon's Kiro AI decided to delete and recreate a production environment, causing a 13-hour AWS outage. Amazon says it was human error. That framing is the problem.
Read more →Anthropic accused DeepSeek, Moonshot and MiniMax of industrial-scale distillation. The internet screamed hypocrisy. They're conflating two very different things.
Read more →AI coding tools create a legal paradox: the code you ship likely can't be copyrighted, but it might infringe someone else's. All the liability, none of the protection.
Read more →Anthropic's safety lead quit saying the world is in peril. Half of xAI's founders are gone. OpenAI dissolved two safety teams. Here's what that looks like from the other side of the API.
Read more →OpenClaw went from 0 to 111K GitHub stars in two months. It also went from 0 to hundreds of exposed instances with full credentials in Shodan. The security story nobody wants to hear.
Read more →For compliance, privacy, or just freedom from cloud dependencies - here's how to run Claude Code with local models via Ollama. No API calls leaving your machine.
Read more →Real footgun stories and the deterministic hooks that would've prevented them. From $30k API key leaks to nuked home directories.
Read more →Stop manually copying .zshrc between machines. Tether syncs dotfiles and global packages with end-to-end encryption.
Read more →When expensive SSO was just a symptom of deeper architectural problems, we redesigned our multi-tenant system from first principles and cut costs significantly in the process.
Read more →Real lessons from shipping multiplayer games with Firebase: what works for small groups, where it breaks down, and the scalability limits you need to know upfront.
Read more →