LIVE FEED
Anthropic Releases Claude Mythos 5 Under U.S. Export Controls

Anthropic Releases Claude Mythos 5 Under U.S. Export Controls

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.8 Anthropic (via HN)

The U.S. Commerce Department has lifted export controls on Anthropic's Claude Mythos 5, permitting access to over 100 vetted U.S. institutions and government agencies under a nascent federal AI licensing regime. For defenders, this tiered-release model introduces a new class of risk: the 'trusted partner' designation becomes a high-value target, as compromise of any listed entity grants implicit legitimacy to interact with a model previously deemed too dangerous for general release. Security teams at approved organizations should treat Mythos 5 access credentials and API endpoints as critical assets, and assume adversaries will probe the boundary between licensed and unlicensed access patterns.

AWS SageMaker Ships 100+ Inference Metrics to CloudWatch

AWS SageMaker Ships 100+ Inference Metrics to CloudWatch

FIRST LOOK ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 AWS Machine Learning Blog

AWS has released a deep observability layer for SageMaker AI inference endpoints, emitting over 100 metrics covering GPU health, KV cache pressure, token-level latency, and traffic distribution into a native CloudWatch Insights dashboard with PromQL-compatible export. For defenders, this centralised telemetry surface introduces new reconnaissance and exfiltration vectors: an adversary with read access to CloudWatch or connected third-party tools (Grafana, Datadog) can infer model architecture, request patterns, and capacity limits without touching the model itself. The richness of these signals also raises insider-threat risk, as operational staff now have granular visibility into inference behaviour that can be leveraged to reverse-engineer model characteristics or plan targeted denial-of-service campaigns.

AWS Launches Amazon Quick Autonomous Agents

AWS Launches Amazon Quick Autonomous Agents

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 AWS Machine Learning Blog

AWS has shipped autonomous agents in Amazon Quick, an AI assistant that continuously executes tasks — including CRM updates, email drafting, and compliance monitoring — on behalf of users while connected to dozens of enterprise data sources and applications. This dramatically expands the attack surface for business-context compromise: a single successful prompt injection or account takeover can now translate into persistent, automated actions across an organisation's entire connected app ecosystem. Defenders must treat these agents as privileged service accounts with broad, continuous write-access, requiring dedicated monitoring, least-privilege scoping, and explicit human-in-the-loop gates for sensitive actions.

Claude Source Code Leak Reveals AI Supply Chain Risk

Claude Source Code Leak Reveals AI Supply Chain Risk

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 Dark Reading

A reported source code leak affecting Claude, Anthropic's large language model, underscores systemic weaknesses in AI software supply chains and the absence of robust oversight mechanisms at critical development and distribution layers. The incident highlights how proprietary model code, training pipelines, and system prompts can become high-value targets for adversarial actors seeking to enable model theft, backdoor insertion, or competitive intelligence gathering. This event serves as a broader warning about treating AI development infrastructure with the same rigor applied to other critical systems.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.