Anthropic

🔴 Critical | Source: The Hacker News A flaw in Anthropic’s Claude Code GitHub Action allowed an attacker to hijack public repositories simply by opening a malicious GitHub issue, requiring no authentication or special access. Because Anthropic’s own repository used the same vulnerable workflow, a successful attack could have injected malicious code into the action itself, poisoning every downstream project that consumes it. Researcher RyotaK of GMO discovered and reported the issue. ...

🟠 High | Source: The Hacker News Agentic AI systems are increasingly being deployed in defence and security networks, but this introduces new attack surfaces — illustrated by reports that an unauthorised group claimed access to Anthropic’s Claude Mythos model within hours of a limited technical preview. The incident highlights that AI capabilities in high-stakes environments are only as secure as the infrastructure underpinning them. Without robust access controls, segmentation, and identity governance, agentic AI deployments can become a significant liability rather than a force multiplier. ...

🟢 Low | Source: The Register — Security Anthropic has expanded its Glasswing partner programme fourfold, inducting 150 new organisations including the first non-US members, while UK banks have notably been excluded from the initiative. In parallel, OpenAI is offering UK financial institutions access to GPT-5.5, highlighting a competitive dynamic in AI partnerships within the regulated financial sector. The exclusion raises questions around data sovereignty, regulatory compliance, and which AI vendors UK-regulated entities can practically partner with. ...

🟢 Low | Source: The Register — Security Anthropic has expanded its Glasswing partner programme fourfold, inducting 150 new organisations including the first non-US members, while UK banks have notably been excluded. OpenAI has moved to fill the gap by offering UK financial institutions access to GPT-5.5. The development highlights growing competitive dynamics in enterprise AI access and raises questions about supply chain concentration risk for financial sector security teams. Architect’s Take: Cloud security architects in UK financial services should assess the security posture, data residency commitments, and compliance certifications of any AI provider they are offered as an alternative — do not treat OpenAI’s GPT-5.5 access as a like-for-like replacement for Anthropic without conducting due diligence on API security controls, data handling agreements, and regulatory alignment with FCA/PRA expectations. ...

🟢 Low | Source: The Register — Security Cisco has publicly praised its AI model ‘Mythos’ for its performance in automated vulnerability discovery but has declined to disclose the number of bugs it actually found. Separately, Anthropic has expanded its Project Glasswing initiative by adding 150 new partners, signalling growing industry investment in AI-driven security tooling. The opacity around Mythos’ results raises questions about transparency and how organisations should evaluate AI security claims. ...