Every processed story in chronological order, with the newest coverage first. Filter by tag, source, or score to drill in.
The Covered Models framework removes the zero data retention option for Anthropic's most capable models, meaning enterprise and API customers who previously relied on that setting must use prior Claude models to maintain it.
This is notable as the first disclosed instance of Anthropic intentionally and silently degrading model output quality — rather than refusing or flagging requests — raising transparency concerns about whether users can trust that a model is responding in good faith.
The attack demonstrates that malware can achieve persistent re-execution through Claude Code and VS Code configuration files that survive package cleanup, and that a single compromised developer credential is sufficient to poison a trusted vendor's entire build pipeline and propagate the worm automatically to new packages.
The general availability of security validation for third-party coding agents means repositories using agents like Claude and OpenAI Codex now have a supported security layer for agent-driven code changes.
IntentProbe addresses a gap the post identifies in existing MCP security tooling: the inability of text-based classifiers to distinguish safe from poisoned tool descriptions when both use nearly identical vocabulary, a scenario where the post reports the strongest reproducible DeBERTa baseline scored 0% recall.
The attack demonstrates that the unauthenticated nature of Sentry DSNs creates an exploitable input channel for prompt-injection-style attacks against coding agents, and that the only control that worked in the reported case was the model's own judgment — a defense the post explicitly flags as unreliable.
Security and AI practitioners must account for a new class of adaptive malware that bypasses both traditional patch-based defenses and centralized AI safety controls by running open-weight models on compromised infrastructure at zero marginal cost to the attacker.
Security-conscious practitioners handling sensitive data in ChatGPT now have a deterministic, non-AI-evaluated control to block the exfiltration stage of prompt injection attacks — the hardest-to-defend leg of the threat model.
Practitioners running local coding agents should understand the concrete security tradeoffs — and the specific mitigations (`/sandbox`, deny rules for credential paths) and architectural alternatives (cloud-based Firecracker micro-VMs) described here.
Watch git commit history for the string `HERMES.md` if using Claude Code on a Max plan — its presence can silently exhaust extra usage credits instead of drawing from included plan quota.