Intelligence
Threat Feed
Curated agentic-AI and AI-cybersecurity threats, advisories, incidents, research, and regulation. Filter by severity, type, category, pillar, and region, or search across the feed.
Live intelligence. Items are aggregated from public sources and summarised automatically. Always verify against the linked source before acting.
Anthropic Reverses Restrictive Policy Affecting AI Research Community
Anthropic revised a policy that would have imposed restrictions on researchers using Claude for AI research activities. The reversal addresses concerns that the original policy could have impeded legitimate AI research and development work in the broader community.
Silent failure modes in Claude model deployment and observability gaps
Simon Willison raises concerns about Claude model degradation or refusal modes that may occur without explicit user notification or visibility. The issue highlights risks around LLM reliability, model drift, and the absence of robust observability mechanisms for detecting when an AI agent stops functioning as intended.
Anthropic releases dual-model LLM with differentiated safety guardrails
Anthropic released Claude Fable 5, a large language model with built-in safety classifiers for general availability, alongside a twin variant (Claude Mythos 5) with reduced safeguards for vetted users. Under this dual-model approach the two variants share the same underlying capability and differ only in their governance layer.
Meta Expands Cross-Domain Data Collection to Train Feed and AI Chatbot Personalization
Meta announced plans to ingest off-site business activity data—previously limited to advertising targeting—to personalize user feeds and responses from its AI chatbot. This expansion increases the scope and scale of third-party data flowing into AI models without explicit per-use consent, raising questions about data governance and model training transparency.
Autonomous self-replicating worm leveraging local open-weight LLM for adaptive network compromise
Researchers demonstrated a proof-of-concept self-propagating worm that employs a locally hosted open-weight LLM to autonomously reason about network topology, craft tailored exploits for discovered targets, and replicate itself without human operator intervention or reliance on commercial AI services. The capability illustrates how agentic AI systems can be weaponized to conduct fully autonomous, reasoning-driven attack campaigns across networks.
Weekly security roundup covering account compromises, Android zero-day, GitHub repository worm, and AI chatbot vulnerabilities
A weekly security recap highlights multiple active threats including Instagram account takeovers, an Android zero-day vulnerability, and a worm spreading through GitHub repositories. The summary notes that an AI chatbot was successfully manipulated and that bot tokens were leaked within malware samples, alongside evidence of long-term email account intrusions by attackers.
OpenAI Introduces Restricted Mode for ChatGPT to Mitigate Prompt Injection Data Loss
OpenAI has rolled out a new restricted mode for ChatGPT designed to reduce data exfiltration risk from prompt injection attacks. The feature targets organizations and users handling sensitive data, limiting tool execution to prevent unauthorized data extraction.
OpenAI Introduces Enhanced Security Mode for API and Application Access
OpenAI has announced a lockdown or enhanced security mode for its services. This feature likely relates to restricting API access, controlling data flows, or limiting model interaction vectors to mitigate unauthorized use and improve governance over agentic deployments.
Enterprise Implements Usage Limits on AI Code-Generation Tools to Control Expenditure
A major enterprise has introduced caps on internal usage of AI-powered code generation tools to manage operational costs. The measure reflects organizational decisions around budget allocation and adoption velocity for LLM-based development assistance.
Containment and isolation strategies for Claude deployments across product lines
Simon Willison discusses architectural approaches to sandboxing and constraining Claude AI models within diverse product environments. The focus is on limiting model capabilities and blast radius through deployment-level controls.