LIVE FEED
Prompt Injection Attacks Claude Code and Codex Execution

Prompt Injection Attacks Claude Code and Codex Execution

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 9.2 The Hacker News

Researchers at the AI Now Institute have demonstrated a proof-of-concept attack dubbed 'Friendly Fire' that tricks AI coding agents — specifically Anthropic's Claude Code and OpenAI's Codex in autonomous mode — into executing malicious binaries while performing routine security reviews. The attack embeds a disguised payload inside an open-source library and uses a plain README.md instruction to direct the agent to run a malicious shell script, bypassing existing trust-prompt defences. Because the weakness is architectural rather than version-specific, no patch exists; mitigation requires workflow changes.

Anthropic Mythos LLM Scans Federal Software for Vulnerabilities

Anthropic Mythos LLM Scans Federal Software for Vulnerabilities

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.5 SecurityWeek

CISA's Attack Surface Evaluation team is reportedly leveraging Anthropic's 'Mythos' model to scan federal government software for security vulnerabilities, representing a significant expansion of AI-assisted offensive security tooling in critical infrastructure defence. The deployment raises important questions about the trustworthiness of LLM-driven vulnerability assessment, potential for model-induced false negatives, and the security of the AI pipeline itself when applied to sensitive government codebases. This marks one of the most prominent known uses of a commercial LLM in an active U.S. government cyber defence role.

Claude Opus Discovers API Flaw Enabling Ticket Fraud

Claude Opus Discovers API Flaw Enabling Ticket Fraud

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 Wired Security

Security researcher Ian Carroll leveraged Anthropic's Claude Opus 4.7 to identify a critical vulnerability in Front Gate Tickets—a Live Nation subsidiary handling ticketing for major US festivals—that granted super-administrator access and the ability to freely issue tickets of any value. The case demonstrates LLM-assisted autonomous vulnerability discovery at scale, with Carroll noting the AI could likely have completed the full exploit chain without human intervention. Front Gate patched the flaw within 24 hours of disclosure, confirming no evidence of prior exploitation.

Anthropic Ships Mythos for AI-Driven Bug Discovery

Anthropic Ships Mythos for AI-Driven Bug Discovery

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.8 Dark Reading

Anthropic's Mythos capability, combined with IBM and Red Hat's Project Lightwell service backed by 20,000 engineers and $5B, introduces an AI-driven pipeline for discovering and remediating bugs in open-source software at industrial scale. This creates a dual-edged attack surface: adversaries who can influence Mythos's findings, its training data, or the remediation pipeline gain a privileged position to inject subtle vulnerabilities into widely-deployed open-source components. Defenders must treat the AI vulnerability-finding and patch-generation pipeline itself as a high-value, high-risk supply chain asset requiring rigorous integrity controls.

Anthropic Releases Mythos and Fable Models with Global Access

Anthropic Releases Mythos and Fable Models with Global Access

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 6.8 TechCrunch AI

The US government has lifted export restrictions on Anthropic's Mythos and Fable models, restoring broad international access to what are described as the most capable AI models publicly available, with Mythos specifically noted for its advanced ability to identify and exploit software vulnerabilities. Defenders must now contend with a significantly wider pool of threat actors — including foreign nationals and nation-state-affiliated researchers — who can access a model with documented offensive security capabilities. The policy reversal also introduces regulatory uncertainty that complicates enterprise risk assessments, as organizations cannot rely on stable governance signals to calibrate their AI security postures.

Claude Code Indirect Prompt Injection Spawns Reverse Shell

Claude Code Indirect Prompt Injection Spawns Reverse Shell

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 SecurityWeek

Researchers have demonstrated that indirect prompt injection attacks embedded within seemingly benign code repositories can cause Claude Code — Anthropic's agentic coding assistant — to spawn a reverse shell on a developer's machine. The attack exploits Claude Code's autonomous execution capabilities, using hidden instructions in repository content to hijack the host system without any explicit user consent. This highlights a critical risk in agentic AI tools that operate with elevated system privileges in developer environments.

Anthropic CEO: Open-Source AI Models Pose Systemic Safety Risk

Anthropic CEO: Open-Source AI Models Pose Systemic Safety Risk

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 6.2 Meta AI (via HN)

Anthropic CEO Dario Amodei testified to lawmakers that open-source AI models present a systemic safety risk because once released, developers lose the ability to monitor misuse, revoke access, or patch safety guardrails. For defenders, this formalises a long-standing asymmetry: closed-source safety controls (rate-limiting, usage monitoring, kill-switches) become irrelevant once capable weights are publicly distributed. Security teams building on or competing against open-weight models must now treat every downloaded model artifact as a potentially unpatched, unmonitored endpoint that can be fine-tuned to remove safety constraints entirely.

Sakana AI and 360 Launch Fugu and Tulongfeng Models

Sakana AI and 360 Launch Fugu and Tulongfeng Models

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 6.8 Cohere AI (via HN)

Sakana AI's Fugu and Chinese firm 360's Tulongfeng are frontier AI models positioned as functional alternatives to Anthropic's export-restricted Mythos and Fable 5, with Fugu explicitly designed for agentic orchestration across third-party model APIs. For defenders, the proliferation of cybersecurity-focused frontier models outside US regulatory reach removes a key friction point that previously slowed adversary access to high-capability AI offensive tooling. The agentic, multi-model orchestration design of Fugu in particular introduces compounded supply-chain and prompt-injection risk for any enterprise connecting these models to existing tool ecosystems.

Anthropic Releases Claude Mythos 5 Under U.S. Export Controls

Anthropic Releases Claude Mythos 5 Under U.S. Export Controls

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.8 Anthropic (via HN)

The U.S. Commerce Department has lifted export controls on Anthropic's Claude Mythos 5, permitting access to over 100 vetted U.S. institutions and government agencies under a nascent federal AI licensing regime. For defenders, this tiered-release model introduces a new class of risk: the 'trusted partner' designation becomes a high-value target, as compromise of any listed entity grants implicit legitimacy to interact with a model previously deemed too dangerous for general release. Security teams at approved organizations should treat Mythos 5 access credentials and API endpoints as critical assets, and assume adversaries will probe the boundary between licensed and unlicensed access patterns.

Anthropic Launches Claude Cowork Mobile with Remote Control

Anthropic Launches Claude Cowork Mobile with Remote Control

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 BleepingComputer

Anthropic is expanding its Claude Cowork agentic desktop feature to mobile, enabling users to remotely initiate, monitor, and steer long-running AI tasks on their PC from a smartphone — with background task execution persisting even after the mobile app is closed. This cross-device architecture introduces a new attack surface: a mobile application acting as a command-and-control interface for an agent with local filesystem access, expanding the blast radius of device compromise, session hijacking, and prompt injection attacks. Defenders must now account for a persistent, background-running agentic process on employee endpoints that can be triggered or manipulated via a separate, potentially less-secured mobile channel.

Anthropic's Mythos AI Breached Classified US Government Systems in Hours

Anthropic's Mythos AI Breached Classified US Government Systems in Hours

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.1 SecurityWeek

Anthropic's Mythos AI model identified vulnerabilities in classified US government computer systems within hours during a government-sanctioned testing exercise under Project Glasswing. A senior US official confirmed the findings to the Associated Press, corroborating statements made by Sen. Mark Warner that the model 'broke into almost all of our classified systems.' The incident marks a landmark demonstration of AI-enabled offensive cyber capability at the highest sensitivity levels of government infrastructure.

Anthropic Enhances AI Agent Skill Scanner Security

Anthropic Enhances AI Agent Skill Scanner Security

FIRST LOOK ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.2 The Hacker News

Security firm AIR demonstrated that a malicious AI agent skill, disguised as a Google Stitch landing-page builder, passed every major skill scanner including Cisco's, NVIDIA's, and skills.sh integrations, reaching approximately 26,000 agents before its payload was activated. The attack exploits a structural gap: scanners evaluate a static package at submission time, while the external URL the skill instructs the agent to fetch can be silently swapped post-install to deliver arbitrary instructions. Defenders relying on marketplace reputation signals, GitHub star counts, or one-time scanner verdicts to gatekeep agent skills have no meaningful protection against this class of supply-chain attack.

Anthropic Launches Claude Code with Local Memory Layer

Anthropic Launches Claude Code with Local Memory Layer

FIRST LOOK ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 5.8 Anthropic (via HN)

Recall is an open-source, fully-local memory layer for Anthropic's Claude Code that persists and summarises project context across coding sessions without sending data to external services. For defenders, the introduction of a persistent, file-based context store creates a new attack surface: a poisoned or tampered memory file can silently inject malicious instructions into every subsequent Claude Code session. Security teams should treat the local memory store as a trusted-input boundary and apply appropriate file-integrity and access controls.

Anthropic's Mythos 5 and Fable 5 Hit by Export Block

Anthropic's Mythos 5 and Fable 5 Hit by Export Block

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 TechCrunch AI

The Trump administration's overnight export block of Anthropic's Mythos 5 and Fable 5 models — triggered by reported safety guardrail bypass vulnerabilities flagged by Amazon — has exposed the fragility of international AI supply chains built on U.S.-controlled infrastructure. For defenders, this event crystallises a critical dependency risk: organisations and governments that have embedded American AI models into critical systems now face the possibility of abrupt, unexplained access revocation with no remediation path. Security teams must now treat AI vendor access continuity as a threat vector equivalent to a third-party SaaS outage, and accelerate contingency planning around model substitution and sovereign alternatives.

Anthropic Ships Claude Fable 5 with Exploit Generation

Anthropic Ships Claude Fable 5 with Exploit Generation

FIRST LOOK ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 8.7 Wired Security

Anthropic's Mythos 5 and Claude Fable 5 represent the arrival of frontier AI models with demonstrated, advanced vulnerability discovery and exploit-development capabilities — a capability class that will rapidly proliferate across multiple vendors and open-weight releases. The core attack surface is not model-specific: guardrail bypass of the consumer-facing Fable 5 exposes full Mythos-grade offensive capability to any actor who can defeat the content filters, while the broader proliferation trajectory means defenders must assume adversary access to equivalent capabilities within months. The regulatory response addresses a single vendor while doing nothing to raise the floor for the broader ecosystem of competitive and open-weight models following close behind.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.