top of page
ALL POSTS
Fileless Infostealer Attacks Target Claude Code Users Through Counterfeit Anthropic Platforms
Key Findings Active credential theft campaign targeting Claude Code users exploiting rapid AI tool adoption Attack chain begins with SEO poisoning directing victims to spoofed Anthropic installation pages Fileless infostealer uses MP3/HTA polyglot payload and in-memory execution to evade detection Command and control infrastructure routes through Russian IP infrastructure at 185.177.239.255 Anthropic's systems have not been compromised; attack targets individual users lacking
May 313 min read
Anthropic's Claude Mythos AI Uncovers 10,000+ Critical Software Vulnerabilities in First Month
Key Findings Project Glasswing, Anthropic's month-old initiative using Claude Mythos AI, uncovered over 10,000 high or critical-severity vulnerabilities in systemically important software Partner bug discovery rates increased more than tenfold, with Cloudflare identifying 2,000 bugs across critical systems Independent security evaluations confirmed over 90% validity of flagged vulnerabilities, with over 62% confirmed as high or critical severity A critical certificate forgery
May 263 min read
AI Shatters All Records in Autonomous Cyber Capability Benchmarks
Key Findings Claude Mythos Preview and GPT-5.5 have dramatically exceeded all tracked benchmarks for autonomous cybersecurity capabilities Task completion timelines have accelerated to double approximately every four months, compared to previous estimates of five to eight months Claude Mythos Preview became the first model to complete both of the UK's AI Security Institute cyber range simulations Palo Alto Networks identified 26 critical vulnerabilities across 130+ products t
May 143 min read
Claude Source Code Accidentally Leaked Through NPM Package Error
Key Findings Anthropic confirmed Claude Code source code was accidentally exposed via npm package version 2.1.88 due to human error in packaging, not a security breach Nearly 2,000 TypeScript files and over 512,000 lines of code were leaked through a source map file and quickly spread across public repositories The leaked codebase revealed advanced features including KAIROS autonomous daemon mode, self-healing memory architecture, Undercover Mode for stealth contributions, an
Apr 13 min read
Anthropic Claims Chinese AI Firms 'Distilled' Claude for Training Their Models
Key Findings Anthropic, the developer of the Claude AI chatbot, has accused several Chinese AI firms, including DeepSeek, MiniMax, and Moonshot AI, of attempting to "distill" Claude's capabilities to train their own models. Distillation refers to the practice of training a new AI model by learning from the outputs of an existing model, rather than using the original training data. Anthropic claims these Chinese firms engaged in coordinated, large-scale efforts to access Claud
Feb 242 min read
Claude Opus 4.6 \\ Anthropic
Key Findings Anthropic's latest AI model, Claude Opus 4.6, has found over 500 previously unknown high-severity security flaws in major open-source libraries like Ghostscript, OpenSC, and CGIF. The model was able to identify vulnerabilities by parsing commit histories, spotting dangerous functions, and understanding complex algorithmic concepts. Anthropic says Opus 4.6 can "read and reason about code the way a human researcher would", enabling it to find vulnerabilities that t
Feb 62 min read
bottom of page
