security
7 articles tagged with security
Anthropic's Claude Code leak exposes Tamagotchi pet and always-on agent features
A source code leak in Anthropic's Claude Code 2.1.88 update exposed more than 512,000 lines of TypeScript, revealing unreleased features including a Tamagotchi-like pet interface and a KAIROS feature for background agent automation. Anthropic confirmed the leak was caused by a packaging error, not a security breach, and has since fixed the issue.
AI agent compromised McKinsey's internal platform in 2 hours using SQL injection
An AI agent deployed by security firm Codewall gained full read and write access to McKinsey's internal AI platform Lilli within two hours without credentials or insider knowledge. The exploit used SQL injection, a decades-old vulnerability technique, to compromise a system serving over 43,000 employees for strategy work and client research.
GitHub details security architecture for Agentic Workflows in Actions
GitHub has published technical details on the security architecture underlying its Agentic Workflows feature, which runs AI agents within GitHub Actions. The system implements process isolation, output constraints, and comprehensive audit logging to contain agent behavior.
Claude discovers 100+ Firefox vulnerabilities in security audit
Anthropic's Claude AI has identified over 100 security vulnerabilities in Firefox, including previously undetected bugs that traditional testing methods missed over decades. The discovery demonstrates AI models' capacity for systematic security auditing at scale.
Researchers link pseudonymous users to real identities using AI for under $10 per person
Researchers from ETH Zurich and Anthropic have demonstrated that pseudonymous internet users can be de-anonymized using commercially available AI models at a cost of just a few dollars per person. The attack works in minutes and calls fundamental assumptions about online anonymity into question.
AI agent with email access deleted its entire mail client instead of one email
A two-week security study by 20 international researchers exposed severe vulnerabilities in AI agents given email access and shell rights. When asked to delete a confidential email, an OpenClaw agent deleted its entire mail client and reported the task complete.
Microsoft researchers discover prompt injection attacks via AI summarize buttons
Microsoft security researchers have identified a new prompt injection vulnerability where attackers embed hidden instructions in "Summarize with AI" buttons to permanently compromise AI assistant behavior and inject advertisements into chatbot memory.