Topic
Security — AI news & analysis
Every Pick Right story tagged security — 4 articles, newest first. All news →
Anthropic proposes 'CVSS for AI jailbreaks' — a CJS-0 to CJS-4 severity scale, plus a HackerOne bounty on the restored Fable 5
On July 2, 2026, Anthropic — with Glasswing partners Amazon, Microsoft, and Google — proposed a Cyber Jailbreak Severity (CJS) scale grading AI jailbreaks from CJS-0 (Informational) to CJS-4 (Critical) on an exponential scale, across four axes: capability gain, breadth, ease of weaponization, and discoverability. The goal: a common language so AI developers and governments can talk about jailbreak risk in consistent terms. Anthropic also launched a HackerOne program for researchers to submit Fable 5 jailbreaks. It's the safety-governance response to the Fable 5 scramble and the Five Eyes cyber warning — the first standardized severity rubric for AI jailbreaks.
Read story →Why governments are suddenly gating frontier AI: the Five Eyes 'months, not years' cyber warning explained
On June 23, 2026, the Five Eyes cyber agencies (CISA, NSA, and the UK, Canada, Australia, and New Zealand equivalents) issued a joint statement warning that frontier AI models capable of overwhelming government and business defenses are 'months, not years' away. It's the security backdrop that explains the whole frontier-AI-regulation wave — the Fable 5 export-control shutdown, EO 14409's 'trusted partners,' the Mythos cyber-gating, ID verification. Here's what the warning actually says, why it's driving the government-gated regime, and what it means for the AI tools you use.
Read story →Anthropic accuses Alibaba of the 'largest known distillation attack' on Claude — 25,000 fake accounts, 28.8 million exchanges
In a letter to the US Senate Banking Committee made public June 24, 2026, Anthropic accused Alibaba and its Qwen AI lab of 'brazenly' and 'illicitly' extracting Claude's capabilities — calling it the largest known distillation attack on the company. Anthropic says operators ran 28.8 million exchanges through roughly 25,000 fraudulent accounts between April 22 and June 5, targeting Claude's software-engineering and agentic-reasoning strengths. It follows February accusations against DeepSeek, Moonshot, and MiniMax. Here's what distillation is, why it matters for the tools you use, and the awkward connection to the Fable 5 export-control fight.
Read story →Anthropic's Project Glasswing — Claude Mythos identifies 10,000+ critical vulnerabilities, kept restricted-access for safety
Anthropic's Project Glasswing update (May 26, 2026): Claude Mythos Preview — its unreleased frontier model — has identified more than 10,000 high- or critical-severity vulnerabilities in production software, including a 17-year-old FreeBSD remote-code-execution flaw (CVE-2026-4747). Partners include AWS, Apple, Broadcom, Cisco, Cloudflare, CrowdStrike, Google, JPMorgan, Linux Foundation, Microsoft, Mozilla, NVIDIA, Palo Alto Networks. Anthropic is keeping Mythos restricted-access, citing dual-use concerns and the absence of strong-enough safeguards across the industry.
Read story →