惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Last Watchdog
The Last Watchdog
C
Cyber Attacks, Cyber Crime and Cyber Security
L
LINUX DO - 热门话题
G
GRAHAM CLULEY
S
Schneier on Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
SegmentFault 最新的问题
IT之家
IT之家
阮一峰的网络日志
阮一峰的网络日志
Recorded Future
Recorded Future
I
Intezer
云风的 BLOG
云风的 BLOG
博客园 - Franky
月光博客
月光博客
大猫的无限游戏
大猫的无限游戏
T
Tenable Blog
The Hacker News
The Hacker News
T
The Blog of Author Tim Ferriss
Attack and Defense Labs
Attack and Defense Labs
D
DataBreaches.Net
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
N
News and Events Feed by Topic
有赞技术团队
有赞技术团队
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
N
News and Events Feed by Topic
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Secure Thoughts
The Register - Security
The Register - Security
B
Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
The Cloudflare Blog
Webroot Blog
Webroot Blog
W
WeLiveSecurity
H
Heimdal Security Blog
博客园 - 三生石上(FineUI控件)
V
Vulnerabilities – Threatpost
G
Google Developers Blog
O
OpenAI News
V
V2EX
罗磊的独立博客
博客园_首页
N
News | PayPal Newsroom
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
TaoSecurity Blog
TaoSecurity Blog
Cloudbric
Cloudbric
H
Hacker News: Front Page
博客园 - 叶小钗
T
Tor Project blog
AI
AI

MEDIANAMA

India in talks with US, Anthropic for Mythos access; no Indian firms in Project Glasswing yet Eternal Q4FY26: All Users Pay Higher Platform Fee, Only Some Get Discounts Amazon, Meta to challenge PhonePe-Google Pay dominance as UPI cap delayed since 2020 Meta failed to protect the safety of under-13s: European Commission If markets and regulators are ready for network slicing, we are ready: JIO Why defining ‘news’ won’t fix the free speech problems of draft IT Rules? #NAMA Eternal Q4FY26: Goyal Dismisses AI Disruption Risk as Zomato Quietly Builds Agentic Commerce Infrastructure Karnataka files appeal challenging the bike taxi ban lift in the Supreme Court How did WhatsApp turn 17 govt. flags into 9,400 digital arrest scam bans? Google Wallet integrates Aadhaar as digital ID, expands India’s mobile identity ecosystem Kerala HC issues notice on MediaOne’s Facebook page block in India MeitY warns VPN providers against enabling access to blocked betting platforms Shreya Singhal targeted private censorship. Today’s threat is the State #NAMA Amazon scales its quick delivery service ‘Amazon Now’ in 100 cities Can MeitY issue binding rules via advisories? Experts raise alarm over draft IT Rules #NAMA How 2019 election code of ethics became India’s three-hour content takedown mandate #NAMA Australia proposes new levy on big tech to fund news, opens draft law for consultation ‘judge, jury, executioner’: experts warn of Inter-Departmental Committee (IDC) overreach under New draft IT Rules Lowdown: TRAI flags low deployment under PM-WANI in public Wi-Fi consultation paper Why the NBFC licence matters for MobiKwik China blocks Meta-Manus deal, asserts origin-country jurisdiction: what this means for India ‘No transparency’: experts warn of expanding powers to block online speech in India #NAMA X launches standalone iOS messaging app XChat with encryption in India How India’s content takedown framework was built and where It has gone wrong #NAMA Claude Mythos puts India on alert: CERT-In, telcos, banks assess unprecedented cyber risks Explained: why did the RBI cancel Paytm’s banking licence? Meta now instantly blocks content in India Govt. asks ZEE5 to halt ‘Lawrence of Punjab’ web series release Online Gaming Rules notified, to be in effect from May 1, what are the major changes? RBI mandates additional factor authentication for e-mandates No notice, no explanation, no recourse: how content creators experience censorship in India #NAMA Telangana Police invokes UAPA to demand TeluguScribe’s user data from X Lowdown: RBI releases draft PPI rules covering capital requirements, wallet limits & escrow norms MeitY tightens AI label rules, mandates continuous disclosure Watch Live: IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Govt. defends 4 PM YouTube ban, cites foreign influence and ‘digital lobbying’ in Delhi HC Anthropic’s Mythos AI accessed without approval via third-party vendor route: Report YouTube expands AI likeness detection tool to celebrities amid deepfake surge ECI orders 3-hour takedown rule for AI and fake content in elections Final Call: IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Announcing Speakers: Victims of Censorship | IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Apple withholds financial data as India App Store antitrust case heads to final hearing Sony rolls out age checks in Playstation in the UK, users to prove age to access chat Vercel confirms hack via third-party AI tool, says sensitive data safe Karnataka High Court stays blocking orders against Proton Mail J&K DMs impose sweeping 60-day social media curbs; IFF calls them “illegal, overbroad” Flipkart plans ticketing entry, food delivery pilot in May ahead of IPO ANI v OpenAI: Not Everything an LLM Does is Copyright Infringement EU’s “safe by design” age-verification app cracked in minutes, raising data security fears Molitics’ Instagram suspended days after Facebook ban Speaker Announcement: IT Rules and the Future of Online Speech in India, April 23, 2026, Delhi X has only responded to 13 out of 94 takedown notices since 2024: Centre tells Gujarat HC Jio Financial Services Q4FY26 profit declines 14% to Rs 272 crore Bombay HC cracks down on fake ‘NSE’ social media handles amid rising impersonation fraud Government drops proposal to mandate Aadhaar app on smartphones Ola’s Krutrim quietly shuts down its agentic AI assistant ‘Kruti’ Anthropic taps Peter Thiel-backed Persona for Claude ID checks, raising DPDP concerns YouTube rolls out option to turn off Shorts, expands time controls Amnesty calls for ‘immediate withdrawal’ of India’s 2026 IT Amendment Rules, cites threat to free speech and privacy Lowdown: Insurers have to comply with DPDP as IRDAI updates Cyber Security Guidelines European Commission proposes Google have to share search data with rivals under the DMA AIGEG: MeitY’s new AI governance body excludes regulators recommended by its own AI guidelines Amazon acquires Globalstar for $11.57 Billion: What it means for India European Commission rolls out privacy-focused age verification app for child safety Reading List: IT Rules and the future of online speech in India, April 23, Delhi #NAMA Digital rule, colonial echo – India’s IT Rules 2021 amendments Agenda: IT Rules and the future of online speech in India, Delhi, April 23 #NAMA Motorola gets court order to block YouTube videos critical of its phones in India Apple and Google promote ‘nudify’ apps despite policy bans, report finds National security could be used to mandate registration of online games HBO Max enters India via JioHotstar partnership Andhra Pradesh police detain stand-up comedian Anudeep Katikala over YouTube video jokes Aptoide sues Google for app store monopoly, alleges ‘anticompetitive chokehold’ HBO Pushes X to Unmask User Behind Euphoria Season 3 Spoilers Delhi HC directs DoT, MeitY to take action against Tucows for failing to take down infringing URLs in Premier League case Claude users say accounts suspended after being incorrectly flagged as minors MeitY may let users, intermediaries join content-blocking hearings Sucheta Dalal challenges Delhi Court order using ‘Right to Be Forgotten’ in Sterling Biotech case Govt launches Rs 10,000 Cr Startup India Fund of Funds 2.0 to bridge early-stage funding gap in deep tech Advisories as Law? Panelists Debate Legal Sanctity Under Draft IT Rules Amendments Independent journalists in Punjab allege censorship by ruling AAP using copyright strikes, IT act Supreme Court Issues Notice on PIL Seeking Biometric Verification of Voters Fact-check: MP Nishikant Dubey’s claim on X community notes & Australian tax is false “No scientific evidence”: 438 scientists call for pause on age-based controls until benefits and risks understood Developer partially bypasses Google’s AI watermark, undermining detection India’s deepfake rules rely on Event Announcement: IT Rules and the Future of Online Speech in India, April 23, #NAMA UK plans jail risk for tech executives over failure to remove intimate images Press bodies demand ‘unconditional withdrawal’ of draft amendment to IT Rules, warns of free speech threat Zoho revenue crosses Rs 12,000 crore in FY25, but profit slips 3% YouTube’s AI avatar tool for Shorts raises questions around India’s deepfake rules, personality rights Instagram expands safety settings on teen accounts with 13+ content ratings Digi Yatra is eyeing international travel roll-out with passport-based enrolment Meta’s new AI model Muse Spark is coming to WhatsApp. Here is what that means for Indian users Andhra Pradesh explores DigiLocker age tokens for social media curbs on children aged 13-16 Kunal Kamra tells Bombay HC police sent “thousands” of takedown notices via Sahyog portal Extra safeguard for the elderly: RBI suggests trusted person approval for high-value digital payments Delhi court orders Google to remove Sterling Biotech case links, cites ‘right to be forgotten’ RBI Proposes 1-hour delay, customer controls for digital payments as frauds surge Should only MIB-authorised apps be allowed to stream free TV on Smart TVs? TRAI Seeks Inputs OpenAI releases child safety policy framework recommendations to combat AI-enabled CSAM
Anthropic launches Claude Security for enterprises, but stops short of Mythos-level capabilities
Aakriti Bans · 2026-05-04 · via MEDIANAMA

You can access the original blog from here

Anthropic has launched Claude Security, a defensive vulnerability scanner for enterprise codebases, three weeks after its most powerful model Mythos alarmed governments worldwide including India. The tool runs on Opus 4.7, a model Anthropic deliberately built to be less capable than Mythos on cybersecurity tasks. It does not address Mythos-level vulnerabilities.

Does it address Mythos? Mythos is Anthropic’s most powerful model, capable of finding and exploiting software vulnerabilities autonomously across major operating systems and browsers, including bugs hidden for decades. Anthropic restricted it to roughly 40 companies under Project Glasswing, a cross-industry cybersecurity initiative, because of the threat it poses if misused.

On the day Mythos launched, a Discord group guessed its URL from Anthropic’s naming conventions, exploited contractor credentials, and accessed the model through a third-party vendor environment, raising questions about Anthropic’s ability to contain it. Anthropic said it is investigating the incident and found no impact on its core systems.

MediaNama founder Nikhil Pahwa identified the core structural problem in Reasoned last week: “A tool that compresses attack timelines without compressing defense timelines increases systemic risk before it improves security.”

Pahwa also flagged the institutional gap Claude Security does not close: “Vulnerabilities can now be surfaced at machine speed, while the systems responsible for fixing them still move through human, institutional timelines, often with the primary objective of protecting their reputation.”

How far behind is Opus 4.7? Anthropic has stated that it deliberately reduced Opus 4.7’s cyber capabilities during training compared to Mythos. On CyberGym, a UC Berkeley benchmark for cybersecurity capability, Mythos scored 83.1% against Opus 4.7’s 73.1%.

On the Firefox 147 exploit benchmark, Mythos produced 181 working exploits, code that actively takes advantage of a vulnerability to attack a system, compared to just 2 for Opus 4.6, a 90x gap. Anthropic calls Opus 4.7 the first model on which it has tested new cyber safeguards before any broader Mythos release.

What Claude Security is: Claude Security gives defenders a way to find and patch vulnerabilities in their own code before attackers using Mythos-grade tools find them first. Teams scan their codebase directly from the Claude.ai sidebar with no Application Programming Interface (API) setup or custom agent build required.

Currently only GitHub-hosted code repositories, where teams store and manage their software code, are supported. Access is available now to Claude Enterprise customers; while Team and Max customers get access soon.

Claude Security reads source code, traces how data moves across different parts of the code, and reasons about how components interact. It generates a confidence rating for each finding, explains its severity, and produces a suggested patch that teams can work through in Claude Code. It does not match against a list of known bugs.

Public beta features:

  • Scheduled scans: Set Claude Security to automatically scan code at regular intervals, so security checks happen continuously rather than only when a team remembers to run them
  • Targeted scans: Scan a specific section of code rather than the entire codebase, useful when reviewing a particular update or feature
  • Audit integration: Send scan results directly to tools like Slack or Jira that security and engineering teams already use, so findings reach the right people without extra steps
  • Triage tracking: Dismiss findings with documented reasons, so future reviewers skip issues that have already been assessed and focus only on new ones.

Partners: Technology partners embedding Opus 4.7 into their existing enterprise security platforms:

Services partners deploying Claude-integrated security solutions for enterprises:

  • Accenture
  • BCG
  • Deloitte
  • Infosys
  • PwC

“This is not AI simply augmenting security,” said Satish H.C., EVP and chief delivery officer at Infosys, in a statement to SecurityWeek. “It is AI redefining how enterprises defend themselves.”

India still locked out of Glasswing: No Indian company, bank, government agency, or telecom operator has secured admission to Project Glasswing. Ministry of Electronics and Information Technology (MeitY) Secretary S. Krishnan confirmed on April 28 that the government is still working out logistics with US authorities to include Indian entities. Nasscom has written to Anthropic arguing that Indian firms maintain critical code used by organisations worldwide and must be included. No resolution has been announced.

Finance Minister Nirmala Sitharaman chaired a meeting on April 23 with Reserve Bank of India (RBI), National Payments Corporation of India (NPCI), Indian Banks’ Association (IBA), and Indian Computer Emergency Response Team (CERT-In) officials, calling the Mythos threat “unprecedented.”

CERT-In has issued a high-severity advisory directing organisations to treat every critical vulnerability as exploitable within hours of disclosure, not weeks.

Airtel and Vodafone Idea are reviewing their network software vendors’ security practices. India’s 2018 data localisation rules create a direct compliance conflict that remains unresolved: payment system providers must store all transaction data on servers within India, while Mythos runs on strictly controlled US-based servers. NPCI has not publicly addressed this.

What Claude Security changes, and what it does not: Infosys, as a named services partner, can now deploy Claude Security to enterprise clients in India, giving Indian organisations an indirect path to Opus 4.7-powered vulnerability scanning. Indian companies still lack Mythos access, Glasswing membership, and a resolution to the data localisation conflict that blocks NPCI from using the model even if access comes through.

Pahwa set out the geopolitical dimension plainly in Reasoned: “Strategic technologies do not distribute their benefits evenly, even when their risks are universal. The strategic benefit flows first to the US and its allies. Mythos is built by a US company, access is gated by that company, and the capability is explicitly framed as part of maintaining technological lead. Meanwhile everyone is vulnerable.”

Pahwa drew an analogy to COVID-era vaccine distribution: “It is important to watch who gets access to the vaccines first.”

Indian policymakers, banks, and IT firms face the same unresolved question Mythos raised three weeks ago: how to defend against a weapon they cannot access, using a tool that is deliberately less capable than the weapon.

MediaNama has reached out to Anthropic for comment and will update this story if a response is received.

Also read: