Anthropic published a coordinated vulnerability disclosure framework for bugs its AI systems help identify in open-source and authorized closed-source software. The policy adds concrete timelines, human review requirements, and escalation paths as coding agents become more capable security researchers.
Anthropic said on X that it will support a Linux Foundation effort to secure open source software as AI increases the scale of vulnerability discovery. The associated Linux Foundation release says Anthropic and six other tech groups are providing $12.5 million through Alpha-Omega and OpenSSF.
On February 5, 2026, OpenAI launched Trusted Access for Cyber, an identity-verified program that gives defenders controlled access to enhanced cyber capabilities built on GPT-5.3-Codex. OpenAI paired the pilot with automated monitoring and a $10 million grant program for security researchers and infrastructure defenders.
The FBI's Seattle Division posted a victim-information notice dated March 11, 2026 seeking people who installed Steam games embedded with malware, turning a run of storefront safety incidents into an active federal victim-identification effort.
Anthropic published a coordinated vulnerability disclosure framework on March 6, 2026 for vulnerabilities discovered by Claude. The policy sets a default 90-day disclosure path, a compressed 7-day path for actively exploited critical bugs, and a 45-day buffer after patches before technical details are usually published.
Anthropic put Claude Code Security into limited research preview for Enterprise and Team customers. The tool reasons over whole codebases, ranks severity and confidence, and proposes patches for human review.
IBM says attacks that started with exploitation of public-facing applications rose 44% year over year in its 2026 X-Force Threat Index. The report also says vulnerability exploitation made up 40% of incidents observed in 2025 and that more than 300,000 ChatGPT credentials were exposed by infostealers.
The Anthropic-Mozilla collaboration that spread on Hacker News disclosed that Claude Opus 4.6 found 22 Firefox vulnerabilities, 14 of them high-severity. The durable lesson is not autonomous magic but faster defender workflows built around validation, triage, and reproducible evidence.
Microsoft Threat Intelligence said on March 6, 2026 that attackers are now using AI throughout the cyberattack lifecycle, from research and phishing to malware debugging and post-compromise triage. The report argues that AI is not yet running fully autonomous intrusions at scale, but it is already improving attacker speed, scale, and persistence.
Anthropic published a March 6, 2026 case study showing how Claude Opus 4.6 authored a working test exploit for Firefox vulnerability CVE-2026-2796. The company presents the result as an early warning about advancing model cyber capabilities, not as proof of reliable real-world offensive automation.
OpenAI’s February 2026 safety report says it banned accounts linked to seven operations originating in China. The company says abuse covered cyber activity, covert influence, and scams, while overall malicious use remained low versus legitimate use.
OpenAI and Paradigm launched EVMbench, a benchmark for AI agent performance on smart contract detection, patching, and exploitation tasks. OpenAI reports GPT-5.3-Codex scored 72.2% in exploit mode versus 31.9% for GPT-5.